Moderate severityNVD Advisory· Published Jul 7, 2011· Updated Jun 16, 2026
CVE-2011-1498
CVE-2011-1498
Description
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.httpcomponents:httpclientMaven | >= 4.0.0, < 4.1.1 | 4.1.1 |
Affected products
13cpe:2.3:a:apache:httpclient:4.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:apache:httpclient:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.1:alpha1:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.1:alpha2:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.1:beta1:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
17- github.com/advisories/GHSA-gw85-4gmf-m7rhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-1498ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.htmlnvdWEB
- marc.infonvdWEB
- marc.infonvdWEB
- marc.infonvdWEB
- marc.infonvdWEB
- marc.infonvdWEB
- openwall.com/lists/oss-security/2011/04/07/7nvdWEB
- openwall.com/lists/oss-security/2011/04/08/1nvdWEB
- securityreason.com/securityalert/8298nvdWEB
- www.kb.cert.org/vuls/id/153049nvdUS Government Resource
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/apache/httpcomponents-client/commit/a572756592c969affd0ce87885724e74839176fbghsaWEB
- issues.apache.org/jira/browse/HTTPCLIENT-1061nvdWEB
- www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txtnvd
- www.securityfocus.com/bid/46974nvd
News mentions
0No linked articles in our index yet.