{
  "modified": "2025-08-09T19:01:27Z",
  "published": "2011-07-07T21:55:01Z",
  "id": "CVE-2011-1498",
  "details": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.",
  "references": [
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709531"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129853896315461\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129856318011586\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129857589129183\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129858274406594\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=httpclient-users\u0026m=129858299106950\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/04/07/7"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/04/08/1"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8298"
    },
    {
      "type": "WEB",
      "url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/153049"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46974"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1061"
    }
  ]
}