Apache HttpClient 4.x prior to 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache httpclient 4.0 |
||
apache httpclient 4.1 |
||
apache httpclient 4.0.1 |