CVE-2011-1498

Currently unrated

Key Information:

Vendor: Apache
Status: Httpclient
Vendor: CVE Published:; 7 July 2011

Summary

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

References

http://marc.info/?l=httpclient-users&m=129853896315461&w=2

mailing-listx_refsource_MLIST

http://openwall.com/lists/oss-security/2011/04/08/1

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=709531

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 7, 2011
Vulnerability Reserved
Mar 21, 2011