CVE-2011-1498

Name: CVE-2011-1498
Description: Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 628727

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package               Release                    Version          Status
httpcomponents-client (PTS)  buster, buster (security)  4.5.7-1+deb10u1  fixed
httpcomponents-client        bullseye                   4.5.13-2         fixed
httpcomponents-client        sid, trixie, bookworm      4.5.14-1         fixed

The information below is based on the following data on fixed versions.

Package                Type    Release     Fixed Version    Urgency  Origin  Debian Bugs
httpcomponents-client  source  squeeze     4.0.1-1squeeze1
httpcomponents-client  source  (unstable)  4.1.1-1                           628727

Notes

http://seclists.org/oss-sec/2011/q2/188
http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
