Vulnerability DatabaseCVE-2011-1498
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2011-1498
July 07, 2011
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Affected Packages
org.apache.httpcomponents:httpclient (JAVA):
Affected version(s) >=4.0 <4.1.1
Fix Suggestion:
Update to version 4.1.1
Related ResourcesĀ (17)
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
http://marc.info/?l=httpclient-users&m=129856318011586&w=2
http://www.securityfocus.com/bid/46974
http://marc.info/?l=httpclient-users&m=129858299106950&w=2
http://securityreason.com/securityalert/8298
http://marc.info/?l=httpclient-users&m=129858274406594&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=709531
http://marc.info/?l=httpclient-users&m=129857589129183&w=2
https://nvd.nist.gov/vuln/detail/CVE-2011-1498
http://www.kb.cert.org/vuls/id/153049
https://issues.apache.org/jira/browse/HTTPCLIENT-1061
http://openwall.com/lists/oss-security/2011/04/08/1
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html
http://marc.info/?l=httpclient-users&m=129853896315461&w=2
https://github.com/apache/httpcomponents-client/commit/a572756592c969affd0ce87885724e74839176fb
https://github.com/apache/httpcomponents-client
http://openwall.com/lists/oss-security/2011/04/07/7
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
4.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
EPSS
Base Score:
3.63