Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ndzg1LTRnbWYtbTdyaM4AAf6t
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Permalink: https://github.com/advisories/GHSA-gw85-4gmf-m7rhJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndzg1LTRnbWYtbTdyaM4AAf6t
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 7 months ago
Identifiers: GHSA-gw85-4gmf-m7rh, CVE-2011-1498
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-1498
- https://bugzilla.redhat.com/show_bug.cgi?id=709531
- https://issues.apache.org/jira/browse/HTTPCLIENT-1061
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html
- http://marc.info/?l=httpclient-users&m=129853896315461&w=2
- http://marc.info/?l=httpclient-users&m=129856318011586&w=2
- http://marc.info/?l=httpclient-users&m=129857589129183&w=2
- http://marc.info/?l=httpclient-users&m=129858274406594&w=2
- http://marc.info/?l=httpclient-users&m=129858299106950&w=2
- http://openwall.com/lists/oss-security/2011/04/07/7
- http://openwall.com/lists/oss-security/2011/04/08/1
- http://securityreason.com/securityalert/8298
- https://github.com/apache/httpcomponents-client/commit/a572756592c969affd0ce87885724e74839176fb
- https://github.com/advisories/GHSA-gw85-4gmf-m7rh
Blast Radius: 0.0
Affected Packages
maven:org.apache.httpcomponents:httpclient
Dependent packages: 11,971Dependent repositories: 142,784
Downloads:
Affected Version Ranges: >= 4.0.0, < 4.1.1
Fixed in: 4.1.1
All affected versions: 4.0.1, 4.0.2, 4.0.3
All unaffected versions: 4.1.1, 4.1.2, 4.1.3, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.4.1, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9, 4.5.10, 4.5.11, 4.5.12, 4.5.13, 4.5.14