Описание
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1498
- https://github.com/apache/httpcomponents-client/commit/a572756592c969affd0ce87885724e74839176fb
- https://bugzilla.redhat.com/show_bug.cgi?id=709531
- https://issues.apache.org/jira/browse/HTTPCLIENT-1061
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html
- http://marc.info/?l=httpclient-users&m=129853896315461&w=2
- http://marc.info/?l=httpclient-users&m=129856318011586&w=2
- http://marc.info/?l=httpclient-users&m=129857589129183&w=2
- http://marc.info/?l=httpclient-users&m=129858274406594&w=2
- http://marc.info/?l=httpclient-users&m=129858299106950&w=2
- http://openwall.com/lists/oss-security/2011/04/07/7
- http://openwall.com/lists/oss-security/2011/04/08/1
- http://securityreason.com/securityalert/8298
Пакеты
org.apache.httpcomponents:httpclient
>= 4.0.0, < 4.1.1
4.1.1
Связанные уязвимости
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used ...