Apache · Apache Httpclient · CVE-2011-1498
**Name of the Vulnerable Software and Affected Versions**
Apache HttpClient versions 4.0 through 4.1.0
**Description**
The issue allows remote web servers to obtain sensitive information by logging the Proxy-Authorization header, which is sent to the origin server when Apache HttpClient is used with an authenticating proxy server.
**Recommendations**
For Apache HttpClient versions 4.0 through 4.1.0, update to version 4.1.1 or later to resolve the issue.