Apache HttpClient Vulnerability Exposes Sensitive Information via Proxy-Authorization Header
CVE-2011-1498
Currently unrated
What is CVE-2011-1498?
Apache HttpClient before version 4.1.1 contains a vulnerability that reveals sensitive information to remote web servers. When used with an authenticating proxy server, HttpClient incorrectly sends the Proxy-Authorization header to the origin server. An attacker on the web server could log and capture the Proxy-Authorization header, potentially exposing credentials or other sensitive data. Users of affected versions should update to the latest release to mitigate this issue.
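The leak described above can be confirmed from the origin side. The following is an added example, not code from the Apache project or from this advisory: it scans raw requests as an origin server received them, reports any that carry a Proxy-Authorization header, and produces a copy that is safe to log. The sample requests, host name and function names are constructed for illustration.

```python
# Added example: origin-side check for leaked proxy credentials.
# Constructed sample data: two request heads as an origin server might see them.
SAMPLE_REQUESTS = [
    b"GET /index.html HTTP/1.1\r\nHost: origin.example\r\n"
    b"proxy-authorization: Basic constructed-proxy-secret\r\n"
    b"User-Agent: test-client\r\n\r\n",
    b"GET /status HTTP/1.1\r\nHost: origin.example\r\n"
    b"User-Agent: test-client\r\n\r\n",
]

# Header names are case-insensitive, so compare in lower case.
CREDENTIAL_HEADERS = {"proxy-authorization", "authorization"}


def parse_head(raw: bytes):
    """Return (request_line, [(name, value), ...]) from a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def find_proxy_auth_leaks(requests):
    """List requests that reached the origin with Proxy-Authorization set.

    Only the auth scheme is recorded, never the credential itself.
    """
    findings = []
    for raw in requests:
        request_line, headers = parse_head(raw)
        for name, value in headers:
            if name.lower() == "proxy-authorization":
                scheme = value.split(" ", 1)[0] if value else ""
                findings.append({"request": request_line, "scheme": scheme})
    return findings


def redact_for_logging(raw: bytes) -> str:
    """Rebuild the request head with credential values replaced."""
    request_line, headers = parse_head(raw)
    out = [request_line]
    for name, value in headers:
        if name.lower() in CREDENTIAL_HEADERS:
            value = value.split(" ", 1)[0] + " [REDACTED]"
        out.append(f"{name}: {value}")
    return "\r\n".join(out)
```

Run against traffic captured at a test origin you control, an empty result from `find_proxy_auth_leaks` after upgrading indicates the client no longer forwards the header.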