VYPR
Moderate severityNVD Advisory· Published Jul 7, 2011· Updated Jun 16, 2026

CVE-2011-1498

CVE-2011-1498

Description

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.httpcomponents:httpclientMaven
>= 4.0.0, < 4.1.14.1.1

Affected products

13
  • Apache/Httpclient12 versions
    cpe:2.3:a:apache:httpclient:4.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:apache:httpclient:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.0:alpha3:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.0:alpha4:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.1:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.1:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:apache:httpclient:4.1:beta1:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 4.0.0, < 4.1.1

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.