Directory Traversal Vulnerability in Libsoup Affects Multiple Products
CVE-2011-2524

Currently unrated

Key Information:

Vendor: Gnome
Status: Libsoup
Vendor: CVE Published:; 31 August 2011

Summary

A directory traversal vulnerability in libsoup allows remote attackers to access arbitrary files on the server. By manipulating the URI with encoded parameters, specifically using %2e%2e (encoded dot dot), attackers can circumvent security restrictions and potentially read sensitive files from the affected system. This issue affects all versions of libsoup before 2.35.4, warranting immediate attention from system administrators and developers to mitigate potential exploitation.

References

http://secunia.com/advisories/47299

third-party-advisoryx_refsource_SECUNIA

http://git.gnome.org/browse/libsoup/tree/NEWS

x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Aug 31, 2011
Vulnerability Reserved
Jun 15, 2011