Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-1498
HistoryJul 07, 2011 - 9:55 p.m.

CVE-2011-1498

2011-07-0721:55:01
CWE-200
[email protected]
web.nvd.nist.gov
68
2
apache httpclient
cve-2011-1498
proxy-authorization
information security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

60.1%

JSON

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

Affected configurations

NVD
Node
apachehttpclientMatch4.0
OR
apachehttpclientMatch4.0alpha1
OR
apachehttpclientMatch4.0alpha2
OR
apachehttpclientMatch4.0alpha3
OR
apachehttpclientMatch4.0alpha4
OR
apachehttpclientMatch4.0beta1
OR
apachehttpclientMatch4.0beta2
OR
apachehttpclientMatch4.0.1
OR
apachehttpclientMatch4.1
OR
apachehttpclientMatch4.1alpha1
OR
apachehttpclientMatch4.1alpha2
OR
apachehttpclientMatch4.1beta1
VendorProductVersionCPE
apachehttpclient4.1cpe:/a:apache:httpclient:4.1:::
apachehttpclient4.1cpe:/a:apache:httpclient:4.1:alpha1::
apachehttpclient4.0cpe:/a:apache:httpclient:4.0:alpha3::
apachehttpclient4.1cpe:/a:apache:httpclient:4.1:alpha2::
apachehttpclient4.1cpe:/a:apache:httpclient:4.1:beta1::
apachehttpclient4.0cpe:/a:apache:httpclient:4.0:alpha4::
apachehttpclient4.0cpe:/a:apache:httpclient:4.0:alpha2::
apachehttpclient4.0cpe:/a:apache:httpclient:4.0:alpha1::
apachehttpclient4.0cpe:/a:apache:httpclient:4.0:::
apachehttpclient4.0cpe:/a:apache:httpclient:4.0:beta1::
Rows per page:
1-10 of 121

Social References

More

Related

openvas 2
debiancve 1
ibm 32
github 1
fedora 1
cvelist 1
ubuntucve 1
osv 1
prion 1
nvd 1
nessus 3
openvas
openvas
Fedora Update for httpcomponents-client FEDORA-2011-7747
2011-07-12 00:00:00
Fedora Update for httpcomponents-client FEDORA-2011-7747
2011-07-12 00:00:00
debiancve
debiancve
CVE-2011-1498
2011-07-07 21:55:01
ibm
ibm
Security Bulletin: Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF
2019-03-01 14:05:01
Security Bulletin: Vulnerability from Apache HttpComponents affects IBM Cloud Pak System (CVE-2011-1498, CVE-2015-5262)
2020-05-06 11:57:04
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-1498, CVE-2014-3577, CVE-2015-5262)
2018-06-16 22:06:30
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
2022-05-17 05:39:03
fedora
fedora
[SECURITY] Fedora 15 Update: httpcomponents-client-4.1.1-2.fc15
2011-06-15 05:35:09
cvelist
cvelist
CVE-2011-1498
2011-07-07 21:00:00
ubuntucve
ubuntucve
CVE-2011-1498
2011-07-07 00:00:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
2022-05-17 05:39:03
prion
prion
Authorization
2011-07-07 21:55:00
nvd
nvd
CVE-2011-1498
2011-07-07 21:55:01
nessus
nessus
Fedora 15 : httpcomponents-client-4.1.1-2.fc15 (2011-7747)
2011-06-16 00:00:00
IBM WebSphere Portal 8.x < 8.0.0.1 CF13 Multiple Vulnerabilities
2014-09-05 00:00:00
IBM WebSphere Application Server 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.20 / 9.0.x < 9.0.5.8 Multiple Vulnerabilities
2021-05-20 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

60.1%

JSON
Related for CVE-2011-1498
openvas2debiancve1ibm32github1fedora1cvelist1ubuntucve1osv1prion1nvd1nessus3