oss-sec mailing list archives

Re: Apache HttpClient CVE request [VU#153049]

From: Mark J Cox <mjc () redhat com>
Date: Fri, 8 Apr 2011 08:08:31 +0100 (BST)

* [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header tobe sent to the target host when tunneling requests through a proxy serverthat requires authentication.


Use CVE-2011-1498 for this issue

Thanks, Mark

Current thread:

Apache HttpClient CVE request [VU#153049] Chad Dougherty (Apr 07)
- Re: Apache HttpClient CVE request [VU#153049] Mark J Cox (Apr 08)