Homepage
About Snyk

Information Exposure Affecting org.apache.httpcomponents:httpclient package, versions [4.0.alpha1,4.1)

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.22% (61st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30644
  • published 8 Sep 2014
  • disclosed 7 Jul 2011
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 7 Jul 2011

CVE-2011-1498 Open this link in a new tab
CWE-200 Open this link in a new tab

Overview

org.apache.httpcomponents:httpclient Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

References

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
4.3 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    None
  • Availability (A)
    None
Expand this section

NVD

4.3 medium