Oracle Solaris Third-Party Patch Update : libsoup (cve_2011_2524_directory_traversal)
Medium Nessus Plugin ID 80677
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. (CVE-2011-2524)
SolutionUpgrade to Solaris 11/11 SRU 11.4.