5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
76.6%
libsoup is an HTTP client/library implementation for GNOME.
A directory traversal flaw was found in libsoup’s SoupServer. If an
application used SoupServer to implement an HTTP service, a remote attacker
who is able to connect to that service could use this flaw to access any
local files accessible to that application via a specially-crafted request.
(CVE-2011-2524)
All users of libsoup should upgrade to these updated packages, which
contain a backported patch to resolve this issue. All running applications
using libsoup’s SoupServer must be restarted for the update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | ppc | libsoup-devel | < 2.28.2-1.el6_1.1 | libsoup-devel-2.28.2-1.el6_1.1.ppc.rpm |
RedHat | 6 | x86_64 | libsoup | < 2.28.2-1.el6_1.1 | libsoup-2.28.2-1.el6_1.1.x86_64.rpm |
RedHat | 6 | ppc | libsoup-debuginfo | < 2.28.2-1.el6_1.1 | libsoup-debuginfo-2.28.2-1.el6_1.1.ppc.rpm |
RedHat | 6 | s390 | libsoup | < 2.28.2-1.el6_1.1 | libsoup-2.28.2-1.el6_1.1.s390.rpm |
RedHat | 6 | i686 | libsoup | < 2.28.2-1.el6_1.1 | libsoup-2.28.2-1.el6_1.1.i686.rpm |
RedHat | 6 | ppc | libsoup | < 2.28.2-1.el6_1.1 | libsoup-2.28.2-1.el6_1.1.ppc.rpm |
RedHat | 6 | s390 | libsoup-devel | < 2.28.2-1.el6_1.1 | libsoup-devel-2.28.2-1.el6_1.1.s390.rpm |
RedHat | 6 | s390 | libsoup-debuginfo | < 2.28.2-1.el6_1.1 | libsoup-debuginfo-2.28.2-1.el6_1.1.s390.rpm |
RedHat | 6 | s390x | libsoup-debuginfo | < 2.28.2-1.el6_1.1 | libsoup-debuginfo-2.28.2-1.el6_1.1.s390x.rpm |
RedHat | 6 | src | libsoup | < 2.28.2-1.el6_1.1 | libsoup-2.28.2-1.el6_1.1.src.rpm |