CVE-2011-2524

medium

Description

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

References

http://git.gnome.org/browse/libsoup/tree/NEWS

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html

http://secunia.com/advisories/47299

http://www.debian.org/security/2011/dsa-2369

http://www.redhat.com/support/errata/RHSA-2011-1102.html

http://www.securitytracker.com/id?1025864

http://www.ubuntu.com/usn/USN-1181-1

https://bugzilla.gnome.org/show_bug.cgi?id=653258

Details

Source: MITRE

Published: 2011-08-31

Updated: 2012-02-02

Type: CWE-22

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnome:libsoup:2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.91:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.92:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.93:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.94:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.95.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.96:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.97:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.98:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.99:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.100:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.101:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.102:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.103:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.2.104:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.23.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.23.6:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.23.91:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.23.92:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.24.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.24.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.25.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.25.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.25.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.25.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.25.91:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.26.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.26.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.27.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.27.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.27.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.27.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.27.90:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.27.91:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.27.92:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.28.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.28.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.29.3:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.29.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.29.6:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.29.90:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.29.91:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.30.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.30.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.31.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.31.6:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.31.90:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.31.92:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.32.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.32.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.32.2:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.33.4:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.33.5:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.33.6:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.33.90:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.33.92:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.34.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:2.34.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*:* versions up to 2.35.3 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 80677 | Oracle Solaris Third-Party Patch Update : libsoup (cve_2011_2524_directory_traversal) | Nessus | Solaris Local Security Checks | medium |
| 79962 | GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011 | Nessus | Gentoo Local Security Checks | critical |
| 75921 | openSUSE Security Update : libsoup-2_4-1 (openSUSE-SU-2011:0875-1) | Nessus | SuSE Local Security Checks | medium |
| 75614 | openSUSE Security Update : libsoup-2_4-1 (openSUSE-SU-2011:0875-1) | Nessus | SuSE Local Security Checks | medium |
| 68315 | Oracle Linux 6 : libsoup (ELSA-2011-1102) | Nessus | Oracle Linux Local Security Checks | medium |
| 6902 | EAServer <= 6.3.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 61102 | Scientific Linux Security Update : libsoup on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 58475 | Mandriva Linux Security Advisory : libsoup (MDVSA-2012:036) | Nessus | Mandriva Local Security Checks | medium |
| 57509 | Debian DSA-2369-1 : libsoup2.4 - insufficient input sanitization | Nessus | Debian Local Security Checks | medium |
| 56297 | Fedora 14 : libsoup-2.32.2-2.fc14 (2011-9820) | Nessus | Fedora Local Security Checks | medium |
| 55774 | SuSE 11.1 Security Update : libsoup (SAT Patch Number 4945) | Nessus | SuSE Local Security Checks | medium |
| 55771 | Fedora 15 : libsoup-2.34.3-1.fc15 (2011-9763) | Nessus | Fedora Local Security Checks | medium |
| 55731 | Ubuntu 10.04 LTS / 10.10 / 11.04 : libsoup2.4 vulnerability (USN-1181-1) | Nessus | Ubuntu Local Security Checks | medium |
| 55724 | RHEL 6 : libsoup (RHSA-2011:1102) | Nessus | Red Hat Local Security Checks | medium |
| 10297 | Web Server Directory Traversal Arbitrary File Access | Nessus | Web Servers | critical |