FKIE_CVE-2011-2524
Vulnerability from fkie_nvd - Published: 2011-08-31 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5DD5AB-8CB2-4B2E-AE93-3754085845ED",
"versionEndIncluding": "2.35.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99EFB489-06D8-402D-8470-38551BCB2FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C82429-BB29-49E7-ADFA-EED16ED7AFC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9D7017-F606-4466-8F9A-817C6862AD95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3619C616-7DAB-4035-9D23-2F2336954DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E672080A-06D2-4C2C-B3D1-BE679D5649BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B4616-3889-41B6-870F-37DC78A153FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1E613A-B333-4E96-90BA-A2AD4363DEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEDB4A8-5593-47C3-92F3-F91476C0D4F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FD001D38-16AB-4AFB-9DC6-F7A340436E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5398E1-3FB1-4BEA-9278-F9C041A34BD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C03F3575-9B90-419C-A5A5-5535F537F096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.91:*:*:*:*:*:*:*",
"matchCriteriaId": "467EDDA7-DA81-4DC5-815F-9D1B394CB02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.92:*:*:*:*:*:*:*",
"matchCriteriaId": "63FE3D88-0596-479B-8E38-E47C7FA04397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.93:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7DEA94-7E9C-457B-B095-66CC23E9681F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.94:*:*:*:*:*:*:*",
"matchCriteriaId": "0F806A86-1250-49EE-992A-09574191D087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E72DA717-D352-4DCB-BBF9-231284B945F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.96:*:*:*:*:*:*:*",
"matchCriteriaId": "19FD71C4-0D7E-4E32-ABFB-35D2943AFC5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.97:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE675A3-B03B-4417-8671-F289604C2291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.98:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE3AD41-FAEA-41CE-8317-89E76BE9FE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.99:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD23A95-C65E-4C2E-BAAC-0D8364A1DBF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "969CB6C0-AD9B-4F48-B77A-0BE3F56B0B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.101:*:*:*:*:*:*:*",
"matchCriteriaId": "95B2D824-7560-4779-A844-07D86C2CCAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.102:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCC06A9-A79D-4CB2-ADCD-AC1987E2790B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.103:*:*:*:*:*:*:*",
"matchCriteriaId": "25DE1614-7F35-4484-BE88-F9C4D9935EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.2.104:*:*:*:*:*:*:*",
"matchCriteriaId": "1756B5C1-18E1-4C6D-89AD-17432B29EBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EA54CB-F7C9-4B17-9118-BA335B9E8D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C43A424-B38A-4819-AFC3-3532C447DF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C994C81-6B80-47E8-AD70-B2DC7BF12209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC08FAE6-B41F-41B8-B819-F582DBEA918A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6E08FA-E647-42B7-A033-806DAC1F4951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2752C2FA-7627-4488-88A5-5E6F76FC8F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.23.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4AE3DE-5379-47A0-9BDC-AB49323F85C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.23.91:*:*:*:*:*:*:*",
"matchCriteriaId": "896575A0-8B7B-43BE-A653-0BEF54E3049B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.23.92:*:*:*:*:*:*:*",
"matchCriteriaId": "A02CCE6B-C774-4D9C-AD88-69D24651E1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.24.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9299BB6F-DF57-427C-A0D0-7F872810420B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB94071-AB85-412E-A31B-29FD8189484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.25.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC56735-58B1-4780-ABA9-32501C24B56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.25.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72B7C474-9C79-4C1F-B0A3-A5780F87379A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.25.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BF3B6CBD-5F44-4FC6-83B7-41134055D1AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.25.5:*:*:*:*:*:*:*",
"matchCriteriaId": "832089BA-670E-40E1-A812-164F13FE29C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.25.91:*:*:*:*:*:*:*",
"matchCriteriaId": "6C76B162-8BCC-43A9-A00B-BEDC16F02C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42B5A587-2F23-42CB-BE0F-1F5A4E96AD06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C713940D-24D7-429F-B961-E3E1651F30C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C537C96-A138-4D5D-A657-E04D3E2B04AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.27.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5EFE4E-ED20-4CB2-B0DE-D7A726F26221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.27.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99340F6B-F033-497F-AD66-655504495CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.27.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7DFE407F-7F02-4E08-9242-41E51A436F1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.27.90:*:*:*:*:*:*:*",
"matchCriteriaId": "A838EB16-BC34-4747-84E6-FD31718BC708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.27.91:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6F6369-34FD-47D2-A829-BB36CBAAA99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.27.92:*:*:*:*:*:*:*",
"matchCriteriaId": "054A96BA-6584-4D6B-AEB5-FE12209E5C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAB459F-29F5-4AD9-95F4-95F5D05FE91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFD7530-6548-4A91-9A0A-F80429368E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.29.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B48661A-D82E-49D7-917C-3D6A3A7CE116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.29.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BA0FA486-3657-48DC-9E10-11EE8A1458B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.29.6:*:*:*:*:*:*:*",
"matchCriteriaId": "15F7CFA6-628D-4CF5-93EB-55519CF955EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.29.90:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1878C5-80C7-4DC2-987C-1BC52E63A8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.29.91:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7E6439-AC14-4D45-BC73-C0BF7E79BE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E158D5-987A-4F93-82A0-CF74527CA210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.30.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0D94D2-D74A-448F-9DF5-4B4C23138E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.31.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D363498-6F1D-4EEF-853D-905F1D95E62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.31.6:*:*:*:*:*:*:*",
"matchCriteriaId": "981AF805-9646-4913-B274-1969AFACC734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.31.90:*:*:*:*:*:*:*",
"matchCriteriaId": "C1197161-E084-4485-BA72-B60C07469680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.31.92:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E91156-537E-4885-87C2-EC4BA8C2B306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.32.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9130A56A-2995-455A-8A51-1A0A85F3D38E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.32.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A81CD2-1192-4F9E-8BF4-BF86445E11AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.32.2:*:*:*:*:*:*:*",
"matchCriteriaId": "92398648-8754-4130-BA90-A54838AFA159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.33.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C536F346-4B27-4A53-A942-68531D9991A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.33.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F602177-543B-4A42-92C1-53F1573518FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.33.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8011A42F-B7EF-44F2-BE9A-E2543EB1C808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.33.90:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3501F1-B153-4870-A7A4-741ACA848656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.33.92:*:*:*:*:*:*:*",
"matchCriteriaId": "398B638B-9879-403D-9F55-59FCC8CE3F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.34.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16CBF8D-7411-4E16-81B0-47696F036C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:libsoup:2.34.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC22BA2-D63A-48F8-BF0F-90D664EA6856",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en la soup-uri.c en SoupServer en libsoup antes de v2.35.4 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de un %2e%2e (punto punto) en la URI."
}
],
"id": "CVE-2011-2524",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-31T23:55:02.957",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.gnome.org/browse/libsoup/tree/NEWS"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/47299"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2369"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1102.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1025864"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1181-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=653258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.gnome.org/browse/libsoup/tree/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1102.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1181-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=653258"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…