Описание
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
Отчет
This vulnerability is rated Important for Red Hat products that utilize libsoup in environments where applications are exposed via a front proxy. The flaw arises from a discrepancy in how libsoup processes duplicate Host: headers (last-value wins) compared to many proxies (first-value wins). This mismatch can lead to virtual-host confusion, enabling attackers to bypass host-based access controls or perform cache poisoning. Systems where libsoup applications are directly accessible without an intervening proxy are not affected by this specific issue.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libsoup | Out of support scope | ||
| Red Hat Enterprise Linux 10 | libsoup3 | Fixed | RHSA-2026:0423 | 12.01.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | libsoup3 | Fixed | RHSA-2026:0836 | 20.01.2026 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | libsoup | Fixed | RHSA-2026:0925 | 21.01.2026 |
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2026:0421 | 12.01.2026 |
| Red Hat Enterprise Linux 8 | spice-client-win | Fixed | RHSA-2026:1509 | 28.01.2026 |
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2026:0421 | 12.01.2026 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libsoup | Fixed | RHSA-2026:0911 | 21.01.2026 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | spice-client-win | Fixed | RHSA-2026:1571 | 29.01.2026 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libsoup | Fixed | RHSA-2026:0909 | 21.01.2026 |
Показывать по
Дополнительная информация
Статус:
8.2 High
CVSS3
Связанные уязвимости
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)
A flaw in libsoup\u2019s HTTP header handling allows multiple Host: he ...
8.2 High
CVSS3