CVE-2011-2524

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://git.gnome.org/browse/libsoup/tree/NEWS
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html
http://secunia.com/advisories/47299
http://www.debian.org/security/2011/dsa-2369
http://www.redhat.com/support/errata/RHSA-2011-1102.html Vendor Advisory
http://www.securitytracker.com/id?1025864
http://www.ubuntu.com/usn/USN-1181-1
https://bugzilla.gnome.org/show_bug.cgi?id=653258 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.93:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.94:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.95.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.96:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.97:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.98:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.99:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.100:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.101:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.102:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.103:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.2.104:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.23.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.23.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.23.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.23.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.24.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.24.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.25.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.25.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.25.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.25.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.25.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.26.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.26.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.27.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.27.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.27.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.27.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.27.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.27.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.27.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.28.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.28.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.29.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.29.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.29.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.29.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.29.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.30.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.30.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.31.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.31.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.31.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.31.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.32.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.32.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.32.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.33.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.33.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.33.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.33.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.33.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.34.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:2.34.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2011-08-31 23:55

Updated : 2012-02-02 04:06

NVD link : CVE-2011-2524

Mitre link : CVE-2011-2524

CVE.ORG link : CVE-2011-2524

JSON object : View

Products Affected

gnome

  • libsoup
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')