CVE-2011-1498 – org.apache.httpcomponents:httpclient

Package

Manager: maven
Name: org.apache.httpcomponents:httpclient
Vulnerable Version: >=4.0.0 <4.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.03674 pctl0.87444

Details

Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

Metadata

Created: 2022-05-17T05:39:03Z
Modified: 2024-03-05T19:07:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gw85-4gmf-m7rh/GHSA-gw85-4gmf-m7rh.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-gw85-4gmf-m7rh
Finding: F017
Auto approve: 1