Proxy-Authorization header received on server side

2011.07.09
Credit: onofer dusan
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2011-1498
CWE: CWE-200


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

I'm following example http://hc.apache.org/httpcomponents-client-ga/examples.html Proxy authentication but it seems that not only proxy is receiving credentials for proxy. In log, which is generated at target.host I can see header Proxy-Authorization: Basic .... httpclient.getCredentialsProvider().setCredentials( new AuthScope("proxy.host", 80), new UsernamePasswordCredentials("proxy_user", "proxy_pass")); List<String> authpref = new ArrayList<String>(); authpref.add(AuthPolicy.BASIC); httpclient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authpref); HttpHost targetHost = new HttpHost("target.host", 443, "https"); HttpHost proxy = new HttpHost("proxy.host", 80); httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy); HttpGet httpget = new HttpGet("/path/logrequest.php"); HttpResponse response = httpclient.execute(targetHost, httpget); I'm using httpclient-4.1. --d. -- Dusan Onofer

References:

http://www.kb.cert.org/vuls/id/153049
https://issues.apache.org/jira/browse/HTTPCLIENT-1061
https://bugzilla.redhat.com/show_bug.cgi?id=709531
http://www.securityfocus.com/bid/46974
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
http://openwall.com/lists/oss-security/2011/04/08/1
http://openwall.com/lists/oss-security/2011/04/07/7
http://marc.info/?l=httpclient-users&m=129858299106950&w=2
http://marc.info/?l=httpclient-users&m=129858274406594&w=2
http://marc.info/?l=httpclient-users&m=129857589129183&w=2
http://marc.info/?l=httpclient-users&m=129856318011586&w=2
http://marc.info/?l=httpclient-users&m=129853896315461&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061440.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top