CVE - CVE-2011-1498

CVE-ID
CVE-2011-1498	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:46974 URL:http://www.securityfocus.com/bid/46974 CERT-VN:VU#153049 URL:http://www.kb.cert.org/vuls/id/153049 CONFIRM:http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=709531 CONFIRM:https://issues.apache.org/jira/browse/HTTPCLIENT-1061 FEDORA:FEDORA-2011-7747 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html MLIST:[httpclient-users] 20110224 Proxy-Authorization header received on server side URL:http://marc.info/?l=httpclient-users&m=129853896315461&w=2 MLIST:[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side URL:http://marc.info/?l=httpclient-users&m=129857589129183&w=2 MLIST:[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side URL:http://marc.info/?l=httpclient-users&m=129858299106950&w=2 MLIST:[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side URL:http://marc.info/?l=httpclient-users&m=129856318011586&w=2 MLIST:[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side URL:http://marc.info/?l=httpclient-users&m=129858274406594&w=2 MLIST:[oss-security] 20110407 Apache HttpClient CVE request [VU#153049] URL:http://openwall.com/lists/oss-security/2011/04/07/7 MLIST:[oss-security] 20110408 Re: Apache HttpClient CVE request [VU#153049] URL:http://openwall.com/lists/oss-security/2011/04/08/1 SREASON:8298 URL:http://securityreason.com/securityalert/8298
Assigning CNA
Red Hat, Inc.
Date Record Created
20110321	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110321)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)