Information Exposure Affecting org.apache.httpcomponents:httpclient package, versions [4.0.alpha1,4.1)


0.0
medium
  • Attack Complexity

    Low

  • User Interaction

    Required

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30644

  • published

    8 Sep 2014

  • disclosed

    7 Jul 2011

  • credit

    Unknown

Overview

org.apache.httpcomponents:httpclient Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

References