Path Traversal in Gnome Libsoup

CVE-2011-2524

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.009 (75.3th percentile) — read the EPSS interpretation.

Affected products

Gnome Libsoup — versions 2.0, 2.2, 2.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

47299 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
FEDORA-2011-9763 (x_refsource_FEDORA, vendor-advisory)
RHSA-2011:1102 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
1025864 (vdb-entry, x_refsource_SECTRACK)
DSA-2369 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (Patch, x_refsource_MISC)
USN-1181-1 (x_refsource_UBUNTU, vendor-advisory)