Back to search
CVE-2011-1498
Published: Jul 7, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[httpclient-users] 20110224 Proxy-Authorization header received on server side
mailing-list
x_refsource_MLIST
[oss-security] 20110408 Re: Apache HttpClient CVE request [VU#153049]
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=709531
x_refsource_CONFIRM
[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side
mailing-list
x_refsource_MLIST
[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side
mailing-list
x_refsource_MLIST
[oss-security] 20110407 Apache HttpClient CVE request [VU#153049]
mailing-list
x_refsource_MLIST
https://issues.apache.org/jira/browse/HTTPCLIENT-1061
x_refsource_CONFIRM
VU#153049
third-party-advisory
x_refsource_CERT-VN
46974
vdb-entry
x_refsource_BID
[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side
mailing-list
x_refsource_MLIST
8298
third-party-advisory
x_refsource_SREASON
FEDORA-2011-7747
vendor-advisory
x_refsource_FEDORA
[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side
mailing-list
x_refsource_MLIST
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now