Information disclosure in Apache HttpClient
CVE-2011-1498
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by loggi…
Vulnerability class: Information Disclosure
EPSS: 0.044 (89.2th percentile)
Affected products
- Apache HttpClient: versions 4.0, 4.0.1, 4.1
Weakness classification (CWE)
References
- [httpclient-users] 20110224 Proxy-Authorization header received on server side (mailing-list, x_refsource_MLIST)
- [oss-security] 20110408 Re: Apache HttpClient CVE request [VU#153049] (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
- [httpclient-users] 20110224 Re: Proxy-Authorization header received on server side (mailing-list, x_refsource_MLIST)
- [httpclient-users] 20110224 RE: Proxy-Authorization header received on server side (mailing-list, x_refsource_MLIST)
- [oss-security] 20110407 Apache HttpClient CVE request [VU#153049] (mailing-list, x_refsource_MLIST)
- VU#153049 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
- 46974 (vdb-entry, x_refsource_BID)