CVE-2011-1498

Exposure of Sensitive Information to an Unauthorized Actor in maven/org.apache.httpcomponents/httpclient

Identifiers

GHSA-gw85-4gmf-m7rh, CVE-2011-1498

Package Slug

maven/org.apache.httpcomponents/httpclient

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

Affected Versions

All versions starting from 4.0.0 before 4.1.1

Solution

Upgrade to version 4.1.1 or above.

Last Modified

2022-07-25

source