CVE-2011-1498 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
apache	httpclient	4.0
apache	httpclient	4.0:alpha1
apache	httpclient	4.0:alpha2
apache	httpclient	4.0:alpha3
apache	httpclient	4.0:alpha4
apache	httpclient	4.0:beta1
apache	httpclient	4.0:beta2
apache	httpclient	4.0.1
apache	httpclient	4.1
apache	httpclient	4.1:alpha1
apache	httpclient	4.1:alpha2
apache	httpclient	4.1:beta1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

httpcomponents-client

bullseye	4.5.13-2 fixed
bookworm	4.5.14-1 fixed
sid	4.5.14-1 fixed
trixie	4.5.14-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

httpcomponents-client

quantal	not-affected
precise	not-affected
oneiric	not-affected
natty	ignored
maverick	ignored
lucid	dne
hardy	dne

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html

http://marc.info/?l=httpclient-users&m=129853896315461&w=2

http://marc.info/?l=httpclient-users&m=129856318011586&w=2

http://marc.info/?l=httpclient-users&m=129857589129183&w=2

http://marc.info/?l=httpclient-users&m=129858274406594&w=2

http://marc.info/?l=httpclient-users&m=129858299106950&w=2

http://openwall.com/lists/oss-security/2011/04/07/7

http://openwall.com/lists/oss-security/2011/04/08/1

http://securityreason.com/securityalert/8298

http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt

http://www.kb.cert.org/vuls/id/153049

http://www.securityfocus.com/bid/46974

https://bugzilla.redhat.com/show_bug.cgi?id=709531

https://issues.apache.org/jira/browse/HTTPCLIENT-1061

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html

http://marc.info/?l=httpclient-users&m=129853896315461&w=2

http://marc.info/?l=httpclient-users&m=129856318011586&w=2

http://marc.info/?l=httpclient-users&m=129857589129183&w=2

http://marc.info/?l=httpclient-users&m=129858274406594&w=2

http://marc.info/?l=httpclient-users&m=129858299106950&w=2

http://openwall.com/lists/oss-security/2011/04/07/7

http://openwall.com/lists/oss-security/2011/04/08/1

http://securityreason.com/securityalert/8298

http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt

http://www.kb.cert.org/vuls/id/153049

http://www.securityfocus.com/bid/46974

https://bugzilla.redhat.com/show_bug.cgi?id=709531

https://issues.apache.org/jira/browse/HTTPCLIENT-1061