CVE-2011-1498
published 2011-07-07CVE-2011-1498: Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin…
medium4.3CVSS 3.1
AVNACMAuNCPINAN
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | httpclient | — | — |
| apache | httpclient | — | — |
| apache | httpclient | — | — |
| debian | httpcomponents-client | < httpcomponents-client 4.1.1-1 (bookworm) | httpcomponents-client 4.1.1-1 (bookworm) |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM