Описание
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Ссылки
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:httpclient:4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.1:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.1:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.1:beta1:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03634
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
ubuntu
больше 14 лет назад
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
debian
больше 14 лет назад
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used ...
github
больше 3 лет назад
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
EPSS
Процентиль: 87%
0.03634
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200