PT-2011-3165 · Apache · Apache Httpclient

Dusan Onofer

Published

2011-07-07

Updated

2022-05-17

CVE-2011-1498

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache HttpClient versions 4.0 through 4.1.0

Description The issue allows remote web servers to obtain sensitive information by logging the Proxy-Authorization header, which is sent to the origin server when Apache HttpClient is used with an authenticating proxy server.

Recommendations For Apache HttpClient versions 4.0 through 4.1.0, update to version 4.1.1 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2011-1498

GHSA-GW85-4GMF-M7RH

Affected Products

Apache Httpclient

PT-2011-3165 · Apache · Apache Httpclient

CVE-2011-1498

Weakness Enumeration

Related Identifiers

Affected Products

References · 21