VulnerableCode Vulnerability Details - VCID-318s-st8t-wke2

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-318s-st8t-wke2

Essentials
Severities (17)
References (18)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-318s-st8t-wke2
Aliases	CVE-2011-1498 GHSA-gw85-4gmf-m7rh
Summary	Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html
generic_textual	MODERATE	http://marc.info/?l=httpclient-users&m=129853896315461&w=2
generic_textual	MODERATE	http://marc.info/?l=httpclient-users&m=129856318011586&w=2
generic_textual	MODERATE	http://marc.info/?l=httpclient-users&m=129857589129183&w=2
generic_textual	MODERATE	http://marc.info/?l=httpclient-users&m=129858274406594&w=2
generic_textual	MODERATE	http://marc.info/?l=httpclient-users&m=129858299106950&w=2
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2011/04/07/7
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2011/04/08/1
epss	0.04395	https://api.first.org/data/v1/epss?cve=CVE-2011-1498
epss	0.04395	https://api.first.org/data/v1/epss?cve=CVE-2011-1498
epss	0.04395	https://api.first.org/data/v1/epss?cve=CVE-2011-1498
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=709531
generic_textual	MODERATE	http://securityreason.com/securityalert/8298
generic_textual	MODERATE	https://github.com/apache/httpcomponents-client
generic_textual	MODERATE	https://github.com/apache/httpcomponents-client/commit/a572756592c969affd0ce87885724e74839176fb
generic_textual	MODERATE	https://issues.apache.org/jira/browse/HTTPCLIENT-1061
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-1498

Reference id	Reference type	URL
		http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html
		http://marc.info/?l=httpclient-users&m=129853896315461&w=2
		http://marc.info/?l=httpclient-users&m=129856318011586&w=2
		http://marc.info/?l=httpclient-users&m=129857589129183&w=2
		http://marc.info/?l=httpclient-users&m=129858274406594&w=2
		http://marc.info/?l=httpclient-users&m=129858299106950&w=2
		http://openwall.com/lists/oss-security/2011/04/07/7
		http://openwall.com/lists/oss-security/2011/04/08/1
		https://api.first.org/data/v1/epss?cve=CVE-2011-1498
		https://bugzilla.redhat.com/show_bug.cgi?id=709531
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1498
		http://securityreason.com/securityalert/8298
		https://github.com/apache/httpcomponents-client
		https://github.com/apache/httpcomponents-client/commit/a572756592c969affd0ce87885724e74839176fb
		https://issues.apache.org/jira/browse/HTTPCLIENT-1061
		https://nvd.nist.gov/vuln/detail/CVE-2011-1498
628727		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628727
GHSA-gw85-4gmf-m7rh		https://github.com/advisories/GHSA-gw85-4gmf-m7rh

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.8918
EPSS Score	0.04395
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:38:49.688066+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0