CVE-2011-2524

Name of the Vulnerable Software and Affected Versions libsoup versions prior to 2.35.4 libsoup2.4 (affected versions not specified) libsoup-debuginfo-2.28.2 libsoup-devel-2.28.2 libsoup-2.28.2

Description The issue allows remote attackers to exploit a directory traversal vulnerability in the soup-uri.c file of the SoupServer in libsoup, potentially leading to unauthorized access to arbitrary files via a %2e%2e (encoded dot dot) in a URI. This could result in a breach of confidentiality of protected information. The vulnerability can be exploited remotely.

Recommendations For versions prior to 2.35.4, update to version 2.35.4 or later to resolve the issue. For libsoup2.4, no specific fix is provided, but ensuring the software is updated to the latest version may help mitigate the risk. For libsoup-debuginfo-2.28.2, libsoup-devel-2.28.2, and libsoup-2.28.2, consider restricting access to the soup-uri.c file and the SoupServer until a patch is available. As a temporary workaround, consider disabling the SoupServer functionality until a patch is available.