Vulnerability-Lookup

CVE-2011-1498 (GCVE-0-2011-1498)

Vulnerability from cvelistv5 – Published: 2011-07-07 21:00 – Updated: 2024-08-06 22:28

Summary

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://marc.info/?l=httpclient-users&m=1298538963…	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/04/08/1	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=709531	x_refsource_CONFIRM
	http://marc.info/?l=httpclient-users&m=1298563180…	mailing-listx_refsource_MLIST
	http://marc.info/?l=httpclient-users&m=1298575891…	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/04/07/7	mailing-listx_refsource_MLIST
	https://issues.apache.org/jira/browse/HTTPCLIENT-1061	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/153049	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/46974	vdb-entryx_refsource_BID
	http://marc.info/?l=httpclient-users&m=1298582744…	mailing-listx_refsource_MLIST
	http://securityreason.com/securityalert/8298	third-party-advisoryx_refsource_SREASON
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://marc.info/?l=httpclient-users&m=1298582991…	mailing-listx_refsource_MLIST
	http://www.apache.org/dist/httpcomponents/httpcli…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[httpclient-users] 20110224 Proxy-Authorization header received on server side",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
          },
          {
            "name": "[oss-security] 20110408 Re: Apache HttpClient CVE request  [VU#153049]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
          },
          {
            "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
          },
          {
            "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
          },
          {
            "name": "[oss-security] 20110407 Apache HttpClient CVE request  [VU#153049]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
          },
          {
            "name": "VU#153049",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/153049"
          },
          {
            "name": "46974",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46974"
          },
          {
            "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
          },
          {
            "name": "8298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8298"
          },
          {
            "name": "FEDORA-2011-7747",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
          },
          {
            "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-22T09:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[httpclient-users] 20110224 Proxy-Authorization header received on server side",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
        },
        {
          "name": "[oss-security] 20110408 Re: Apache HttpClient CVE request  [VU#153049]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
        },
        {
          "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
        },
        {
          "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
        },
        {
          "name": "[oss-security] 20110407 Apache HttpClient CVE request  [VU#153049]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
        },
        {
          "name": "VU#153049",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/153049"
        },
        {
          "name": "46974",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46974"
        },
        {
          "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
        },
        {
          "name": "8298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8298"
        },
        {
          "name": "FEDORA-2011-7747",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
        },
        {
          "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1498",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[httpclient-users] 20110224 Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
            },
            {
              "name": "[oss-security] 20110408 Re: Apache HttpClient CVE request  [VU#153049]",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709531",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
            },
            {
              "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
            },
            {
              "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
            },
            {
              "name": "[oss-security] 20110407 Apache HttpClient CVE request  [VU#153049]",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
            },
            {
              "name": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
            },
            {
              "name": "VU#153049",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/153049"
            },
            {
              "name": "46974",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46974"
            },
            {
              "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
            },
            {
              "name": "8298",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8298"
            },
            {
              "name": "FEDORA-2011-7747",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
            },
            {
              "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
            },
            {
              "name": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt",
              "refsource": "CONFIRM",
              "url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1498",
    "datePublished": "2011-07-07T21:00:00.000Z",
    "dateReserved": "2011-03-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:28:41.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2011-1498

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1498

Aliases

CVE-2011-1498

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1498",
    "description": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.",
    "id": "GSD-2011-1498",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-1498.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1498"
      ],
      "details": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.",
      "id": "GSD-2011-1498",
      "modified": "2023-12-13T01:19:07.610955Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-1498",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[httpclient-users] 20110224 Proxy-Authorization header received on server side",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
          },
          {
            "name": "[oss-security] 20110408 Re: Apache HttpClient CVE request  [VU#153049]",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709531",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
          },
          {
            "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
          },
          {
            "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
          },
          {
            "name": "[oss-security] 20110407 Apache HttpClient CVE request  [VU#153049]",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
          },
          {
            "name": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061",
            "refsource": "CONFIRM",
            "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
          },
          {
            "name": "VU#153049",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/153049"
          },
          {
            "name": "46974",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46974"
          },
          {
            "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
          },
          {
            "name": "8298",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8298"
          },
          {
            "name": "FEDORA-2011-7747",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
          },
          {
            "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
          },
          {
            "name": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt",
            "refsource": "CONFIRM",
            "url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[4.0.0,4.1.1)",
          "affected_versions": "All versions starting from 4.0.0 before 4.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-200",
            "CWE-937"
          ],
          "date": "2022-07-13",
          "description": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.",
          "fixed_versions": [
            "4.1.1"
          ],
          "identifier": "CVE-2011-1498",
          "identifiers": [
            "GHSA-gw85-4gmf-m7rh",
            "CVE-2011-1498"
          ],
          "not_impacted": "All versions before 4.0.0, all versions starting from 4.1.1",
          "package_slug": "maven/org.apache.httpcomponents/httpclient",
          "pubdate": "2022-05-17",
          "solution": "Upgrade to version 4.1.1 or above.",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-1498",
            "https://bugzilla.redhat.com/show_bug.cgi?id=709531",
            "https://issues.apache.org/jira/browse/HTTPCLIENT-1061",
            "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html",
            "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2",
            "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2",
            "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2",
            "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2",
            "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2",
            "http://openwall.com/lists/oss-security/2011/04/07/7",
            "http://openwall.com/lists/oss-security/2011/04/08/1",
            "http://securityreason.com/securityalert/8298",
            "https://github.com/advisories/GHSA-gw85-4gmf-m7rh"
          ],
          "uuid": "b851d5d2-02a6-4023-829f-e2e6af3112ae"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.1:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.1:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:httpclient:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1498"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
            },
            {
              "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
            },
            {
              "name": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
            },
            {
              "name": "[oss-security] 20110407 Apache HttpClient CVE request  [VU#153049]",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709531",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
            },
            {
              "name": "[httpclient-users] 20110224 Re: Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
            },
            {
              "name": "FEDORA-2011-7747",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
            },
            {
              "name": "46974",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46974"
            },
            {
              "name": "[httpclient-users] 20110224 RE: Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
            },
            {
              "name": "[httpclient-users] 20110224 Proxy-Authorization header received on server side",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
            },
            {
              "name": "[oss-security] 20110408 Re: Apache HttpClient CVE request  [VU#153049]",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
            },
            {
              "name": "VU#153049",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/153049"
            },
            {
              "name": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
            },
            {
              "name": "8298",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8298"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-09-22T03:30Z",
      "publishedDate": "2011-07-07T21:55Z"
    }
  }
}

GHSA-GW85-4GMF-M7RH

Vulnerability from github – Published: 2022-05-17 05:39 – Updated: 2024-03-05 19:07

Summary

Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.httpcomponents:httpclient"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-1498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T17:20:15Z",
    "nvd_published_at": "2011-07-07T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.",
  "id": "GHSA-gw85-4gmf-m7rh",
  "modified": "2024-03-05T19:07:38Z",
  "published": "2022-05-17T05:39:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1498"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/httpcomponents-client/commit/a572756592c969affd0ce87885724e74839176fb"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/httpcomponents-client"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8298"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient"
}

CERTFR-2021-AVI-539

Vulnerability from certfr_avis - Published: 2021-07-19 - Updated: 2021-07-19

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	N/A	IBM Tivoli Monitoring (installé sur WebSphere Application Server) versions 6.3.0 Fix Pack 7 Service Pack 5
	IBM	N/A	IBM Resilient versions antérieures à 41.0

References

Title

Publication Time

FKIE_CVE-2011-1498

Vulnerability from fkie_nvd - Published: 2011-07-07 21:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html
secalert@redhat.com	http://marc.info/?l=httpclient-users&m=129853896315461&w=2
secalert@redhat.com	http://marc.info/?l=httpclient-users&m=129856318011586&w=2
secalert@redhat.com	http://marc.info/?l=httpclient-users&m=129857589129183&w=2
secalert@redhat.com	http://marc.info/?l=httpclient-users&m=129858274406594&w=2
secalert@redhat.com	http://marc.info/?l=httpclient-users&m=129858299106950&w=2
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/07/7
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/08/1
secalert@redhat.com	http://securityreason.com/securityalert/8298
secalert@redhat.com	http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
secalert@redhat.com	http://www.kb.cert.org/vuls/id/153049	US Government Resource
secalert@redhat.com	http://www.securityfocus.com/bid/46974
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=709531
secalert@redhat.com	https://issues.apache.org/jira/browse/HTTPCLIENT-1061
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=httpclient-users&m=129853896315461&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=httpclient-users&m=129856318011586&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=httpclient-users&m=129857589129183&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=httpclient-users&m=129858274406594&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=httpclient-users&m=129858299106950&w=2
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/07/7
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/08/1
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8298
af854a3a-2127-422b-91ae-364da2661108	http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/153049	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46974
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=709531
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/jira/browse/HTTPCLIENT-1061

Impacted products

Vendor	Product	Version
apache	httpclient	4.0
apache	httpclient	4.0
apache	httpclient	4.0
apache	httpclient	4.0
apache	httpclient	4.0
apache	httpclient	4.0
apache	httpclient	4.0
apache	httpclient	4.0.1
apache	httpclient	4.1
apache	httpclient	4.1
apache	httpclient	4.1
apache	httpclient	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C91BDB-E3D5-4891-9F29-6B8B5D32A54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "AA42463A-DFD4-4609-9871-98348B3E98B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "D07113CF-6A5D-4619-B7C8-20FFC3D9D1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "4AE2C617-BF81-437B-BC04-7620EE6FA6AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "FE97A012-0D85-4EF1-ABFB-BE619F3289E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "82584BFB-BC70-4B3F-BC90-A9416E62EF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C83F8D40-F7C5-4543-81E1-40085A2E7341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4922F122-1D31-4D76-9D43-F4F95720939B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95BD2A2-0765-42F4-A3CA-22DB96E195B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.1:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "246968EA-BEEF-4046-B535-629C03643852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.1:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "C5FE210D-BB5E-4305-A846-4A18BCEC7807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:httpclient:4.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "956E366E-8E89-43B7-82EB-1757F4F519C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header."
    },
    {
      "lang": "es",
      "value": "Apache HttpClient v4.x antes de v4.1.1 en Apache HttpComponents, cuando se utiliza con un servidor proxy de autenticaci\u00f3n, env\u00eda el encabezado Proxy-Authorization al servidor de origen, lo que permite obtener informaci\u00f3n sensible a los servidores Web remotos mediante la comprobaci\u00f3n de esta cabecera."
    }
  ],
  "id": "CVE-2011-1498",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-07T21:55:01.663",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8298"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/153049"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46974"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/153049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1498 (GCVE-0-2011-1498)

GSD-2011-1498

GHSA-GW85-4GMF-M7RH

CERTFR-2021-AVI-539

Solution

FKIE_CVE-2011-1498

Tags

Sightings

Nomenclature