51 matches found
PT-2026-26956
Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A use-after-free issue exists in libsoup's SoupServer. Specifically, the soup server disconnect function can free connection objects before a TLS handshake is finished. If the handshake...
PT-2026-7987
Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A flaw exists in libsoup, an HTTP library used in GNOME-based systems. Improper validation of HTTP Range headers when processing specially crafted requests can lead to out-of-bounds read acce...
PT-2026-5660
Name of the Vulnerable Software and Affected Versions SoupServer affected versions not specified Description A flaw exists in SoupServer related to improper handling of HTTP requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. This can lead to an HTTP request...
SUSE CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
Scientific Linux Security Update : libsoup on SL6.x i386/x86_64
libsoup is an HTTP client/library implementation for GNOME. A directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessib...
CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
DEBIAN-CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
libsoup: SoupServer directory traversal flaw
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
libsoup -- unintentionally allow access to entire local filesystem
Dan Winship reports: Fixed a security hole that caused some SoupServer users to unintentionally allow accessing the entire local filesystem when they thought they were only providing access to a single directory...