CVE-2011-1498
Published: 7 July 2011
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Priority
Status
Package | Release | Status |
---|---|---|
httpcomponents-client Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Not vulnerable
(4.1.1-1)
|
|
precise |
Not vulnerable
(4.1.1-1)
|
|
quantal |
Not vulnerable
(4.1.1-1)
|
|
upstream |
Released
(4.1.1)
|