CVE-2006-5876 - The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remo

CVE-2006-5876

Summary

The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.

References

Vulnerable Configurations

cpe:2.3:a:libsoup:libsoup:2.2.98:*:*:*:*:*:*:*
cpe:2.3:a:libsoup:libsoup:2.2.98:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 20-07-2017 - 01:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	22034
confirm	http://ftp.gnome.org/pub/gnome/sources/libsoup/2.2/libsoup-2.2.99.news https://issues.rpath.com/browse/RPL-965
debian	DSA-1248
fedora	FEDORA-2007-109
mandriva	MDKSA-2007:029
osvdb	31667
secunia	23734 23770 23871 23873 23961 23976
ubuntu	USN-411-1
vupen	ADV-2007-0173
xf	libsoup-soupheadersparse-dos(31519)

statements via4

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Not vulnerable. The vulnerable code is not used by any application likned with libsoup shipped with Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Last major update

20-07-2017 - 01:34

Published

16-01-2007 - 19:28

Last modified

20-07-2017 - 01:34