Candidate: CVE-2011-1498
PublicDate: 2011-07-07 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1498
 http://seclists.org/oss-sec/2011/q2/188
Description:
 Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with
 an authenticating proxy server, sends the Proxy-Authorization header to the
 origin server, which allows remote web servers to obtain sensitive
 information by logging this header.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=709531
 https://issues.apache.org/jira/browse/HTTPCLIENT-1061
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628727
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_httpcomponents-client:
upstream_httpcomponents-client: released (4.1.1)
hardy_httpcomponents-client: DNE
lucid_httpcomponents-client: DNE
maverick_httpcomponents-client: ignored (reached end-of-life)
natty_httpcomponents-client: ignored (reached end-of-life)
oneiric_httpcomponents-client: not-affected (4.1.1-1)
precise_httpcomponents-client: not-affected (4.1.1-1)
quantal_httpcomponents-client: not-affected (4.1.1-1)
devel_httpcomponents-client: not-affected (4.1.1-1)