Sign In

CVE-2011-1498

SOURCE - github

Summary

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.

EPSS Score: 0.00219 (0.602)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

SOURCE - github

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

SOURCE - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Sources (5)

Impacted images

NIST

CREATED

UPDATED

SOURCE IDCVE-2011-1498
EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-200

CVSS SCORE

4.3medium

GitHub

CREATED

UPDATED

SOURCE IDGHSA-gw85-4gmf-m7rh
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-200

CVSS SCORE

N/Amedium

Debian

CREATED

UPDATED

SOURCE IDCVE-2011-1498
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Ubuntu

CREATED

UPDATED

SOURCE IDCVE-2011-1498
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GitLab

CREATED

UPDATED

SOURCE ID

CVE-2011-1498

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-200CWE-937

CVSS SCORE

4.3medium