CVE-2011-1498

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2011-1498

Severity

Unknown

Description

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

References

https://images.chainguard.dev/security/CGA-24xq-4h7w-5qjg
https://github.com/advisories/GHSA-gw85-4gmf-m7rh
https://bugzilla.redhat.com/show_bug.cgi?id=709531
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html
http://marc.info/?l=httpclient-users&m=129853896315461&w=2
http://marc.info/?l=httpclient-users&m=129856318011586&w=2
http://marc.info/?l=httpclient-users&m=129857589129183&w=2
http://marc.info/?l=httpclient-users&m=129858274406594&w=2
http://marc.info/?l=httpclient-users&m=129858299106950&w=2
http://openwall.com/lists/oss-security/2011/04/07/7
http://openwall.com/lists/oss-security/2011/04/08/1
http://securityreason.com/securityalert/8298
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
http://www.kb.cert.org/vuls/id/153049
http://www.securityfocus.com/bid/46974
https://issues.apache.org/jira/browse/HTTPCLIENT-1061

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2011-1498

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company