ID CVE-2006-5876
Summary The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.
References
Vulnerable Configurations
  • cpe:2.3:a:libsoup:libsoup:2.2.98
CVSS
Base: 7.8 (as of 16-01-2007 - 15:06)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1248.NASL
    description Roland Lezuo and Josselin Mouette discovered that the libsoup HTTP library performs insufficient sanitising when parsing HTTP headers, which might lead to denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24025
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24025
    title Debian DSA-1248-1 : libsoup - missing input sanitising
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-411-1.NASL
    description Roland Lezuo and Josselin Mouette discovered that the HTTP server code in libsoup did not correctly verify request headers. Remote attackers could crash applications using libsoup by sending a crafted HTTP request, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28000
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28000
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : libsoup vulnerability (USN-411-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11401.NASL
    description This update fixes a bug in the HTTP header parsing code. Applications using this library may be vulnerable to a remote denial-of-service attack. (CVE-2006-5876)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41114
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41114
    title SuSE9 Security Update : libsoup (YOU Patch Number 11401)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-029.NASL
    description The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24642
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24642
    title Mandrake Linux Security Advisory : libsoup (MDKSA-2007:029)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-109.NASL
    description Update to the latest libsoup 2.2 release. This release fixes a security flaw that causes the libsoup server to crash when it receives a malformed HTTP GET header. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24298
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24298
    title Fedora Core 6 : libsoup-2.2.99-1.fc6 (2007-109)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11461.NASL
    description This update fixes a bug in the HTTP header parsing code of the included libsoup. This bug makes rcd vulnerable to a remote denial-of-service attack. (CVE-2006-5876)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41119
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41119
    title SuSE9 Security Update : Red Carpet (YOU Patch Number 11461)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBSOUP-2501.NASL
    description This update fixes a bug in the HTTP header parsing code. Applications using this library may be vulnerable to a remote denial-of-service attack. (CVE-2006-5876)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29511
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29511
    title SuSE 10 Security Update : libsoup (ZYPP Patch Number 2501)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBSOUP-2503.NASL
    description This update fixes a bug in the HTTP header parsing code. Applications using this library may be vulnerable to a remote denial-of-service attack. (CVE-2006-5876)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27333
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27333
    title openSUSE 10 Security Update : libsoup (libsoup-2503)
refmap via4
bid 22034
confirm
debian DSA-1248
fedora FEDORA-2007-109
mandriva MDKSA-2007:029
osvdb 31667
secunia
  • 23734
  • 23770
  • 23871
  • 23873
  • 23961
  • 23976
ubuntu USN-411-1
vupen ADV-2007-0173
xf libsoup-soupheadersparse-dos(31519)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Not vulnerable. The vulnerable code is not used by any application linked with libsoup shipped with Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-03-2011 - 21:43
Published 16-01-2007 - 14:28
Last modified 19-07-2017 - 21:34