Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2011-1498
Last Modified 21 Sep 2011 11:30:20
Published 07 Jul 2011 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1498

Summary

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

Vulnerable Systems

Application

  • Apache HttpClient 4.0

  • Apache HttpClient 4.0.1

  • Apache HttpClient 4.1


References

CERT-VN - VU#153049

CONFIRM - https://issues.apache.org/jira/browse/HTTPCLIENT-1061

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=709531

BID - 46974

CONFIRM - http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt

SREASON - 8298

MLIST - [oss-security] 20110408 Re: Apache HttpClient CVE request [VU#153049]

MLIST - [oss-security] 20110407 Apache HttpClient CVE request [VU#153049]

MLIST - [httpclient-users] 20110224 RE: Proxy-Authorization header received on server side

MLIST - [httpclient-users] 20110224 Re: Proxy-Authorization header received on server side

MLIST - [httpclient-users] 20110224 Proxy-Authorization header received on server side

FEDORA - FEDORA-2011-7747


Last Updated: 27 May 2016 10:56:21