Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.
4.5.13-24.5.13-34.5.14-14.5.14-14.5.14-1build14.2.5-24.3.2-14.3.3-14.3.3-1ubuntu0.14.3.3-1ubuntu0.1+esm14.3.3-1ubuntu0.1+esm24.4.1-14.5.1-14.5.1-1ubuntu0.1~esm14.5.3-14.5.4-14.5.5-14.5.5-1ubuntu0.1~esm14.5.10-24.5.11-14.5.11-1ubuntu0.1~esm14.5.9-1Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:LI:LA:LCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L