Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2011-1498
HistoryJul 07, 2011 - 9:55 p.m.

CVE-2011-1498

2011-07-0721:55:01
CWE-200
[email protected]
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

Affected configurations

NVD
Node
apachehttpclientMatch4.0
OR
apachehttpclientMatch4.0alpha1
OR
apachehttpclientMatch4.0alpha2
OR
apachehttpclientMatch4.0alpha3
OR
apachehttpclientMatch4.0alpha4
OR
apachehttpclientMatch4.0beta1
OR
apachehttpclientMatch4.0beta2
OR
apachehttpclientMatch4.0.1
OR
apachehttpclientMatch4.1
OR
apachehttpclientMatch4.1alpha1
OR
apachehttpclientMatch4.1alpha2
OR
apachehttpclientMatch4.1beta1

Related

openvas 2
debiancve 1
fedora 1
ubuntucve 1
osv 1
prion 1
cvelist 1
cve 1
ibm 32
github 1
nessus 3
openvas
openvas
Fedora Update for httpcomponents-client FEDORA-2011-7747
2011-07-12 00:00:00
Fedora Update for httpcomponents-client FEDORA-2011-7747
2011-07-12 00:00:00
debiancve
debiancve
CVE-2011-1498
2011-07-07 21:55:01
fedora
fedora
[SECURITY] Fedora 15 Update: httpcomponents-client-4.1.1-2.fc15
2011-06-15 05:35:09
ubuntucve
ubuntucve
CVE-2011-1498
2011-07-07 00:00:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
2022-05-17 05:39:03
prion
prion
Authorization
2011-07-07 21:55:00
cvelist
cvelist
CVE-2011-1498
2011-07-07 21:00:00
cve
cve
CVE-2011-1498
2011-07-07 21:55:01
ibm
ibm
Security Bulletin: Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF
2019-03-01 14:05:01
Security Bulletin: Vulnerability from Apache HttpComponents affects IBM Cloud Pak System (CVE-2011-1498, CVE-2015-5262)
2020-05-06 11:57:04
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-1498, CVE-2014-3577, CVE-2015-5262)
2018-06-16 22:06:30
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
2022-05-17 05:39:03
nessus
nessus
Fedora 15 : httpcomponents-client-4.1.1-2.fc15 (2011-7747)
2011-06-16 00:00:00
IBM WebSphere Portal 8.x < 8.0.0.1 CF13 Multiple Vulnerabilities
2014-09-05 00:00:00
IBM WebSphere Application Server 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.20 / 9.0.x < 9.0.5.8 Multiple Vulnerabilities
2021-05-20 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON
Related for NVD:CVE-2011-1498
openvas2debiancve1fedora1ubuntucve1osv1prion1cvelist1cve1ibm32github1nessus3