CVE-2011-1498

Published: 7 July 2011

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

Priority

Status

Package	Release	Status
httpcomponents-client Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Not vulnerable (4.1.1-1)
	precise	Not vulnerable (4.1.1-1)
	quantal	Not vulnerable (4.1.1-1)
	upstream	Released (4.1.1)

References

http://seclists.org/oss-sec/2011/q2/188
https://www.cve.org/CVERecord?id=CVE-2011-1498
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=709531
https://issues.apache.org/jira/browse/HTTPCLIENT-1061
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628727

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›