Date: Thu, 07 Apr 2011 14:43:42 -0400 From: Chad Dougherty <crd@...t.org> To: oss-security@...ts.openwall.com CC: CERT Coordination Center <cert@...t.org> Subject: Apache HttpClient CVE request [VU#153049] Hello all, Per the Apache HttpClient 4.1.1 release notes: <http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt> "The HttpClient 4.1.1 is a bug fix release that addresses a number of issues reported since release 4.1, including one critical security issue (HTTPCLIENT-1061). All users of HttpClient 4.0.x and 4.1 are strongly encouraged to upgrade. [...] * [HTTPCLIENT-1061] Fixed critical bug causing Proxy-Authorization header to be sent to the target host when tunneling requests through a proxy server that requires authentication. Contributed by Oleg Kalnichevski <olegk at apache.org>" It doesn't look like this has received a CVE identifier and I didn't want to duplicate anyone by assigning one from our pool. Could someone please assign one? Thanks... -Chad
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.