Количество 17
Количество 17
CVE-2025-14523
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
CVE-2025-14523
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
CVE-2025-14523
Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)
CVE-2025-14523
A flaw in libsoup\u2019s HTTP header handling allows multiple Host: he ...
SUSE-SU-2026:0123-1
Security update for libsoup
RLSA-2026:1509
Important: spice-client-win security update
RLSA-2026:0423
Important: libsoup3 security update
RLSA-2026:0422
Important: libsoup security update
RLSA-2026:0421
Important: libsoup security update
GHSA-4qpp-gxm3-h9vw
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
ELSA-2026-0423
ELSA-2026-0423: libsoup3 security update (IMPORTANT)
ELSA-2026-0422
ELSA-2026-0422: libsoup security update (IMPORTANT)
ELSA-2026-0421
ELSA-2026-0421: libsoup security update (IMPORTANT)
SUSE-SU-2026:0258-1
Security update for libsoup2
SUSE-SU-2026:0253-1
Security update for libsoup2
SUSE-SU-2026:0257-1
Security update for libsoup
SUSE-SU-2026:0211-1
Security update for libsoup
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-14523 A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers. | CVSS3: 8.2 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-14523 A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers. | CVSS3: 8.2 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-14523 Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) | 0% Низкий | около 2 месяцев назад | |
| CVE-2025-14523 A flaw in libsoup\u2019s HTTP header handling allows multiple Host: he ... | CVSS3: 8.2 | 0% Низкий | около 2 месяцев назад |
 | SUSE-SU-2026:0123-1 Security update for libsoup | 0% Низкий | 26 дней назад | |
 | RLSA-2026:1509 Important: spice-client-win security update | 0% Низкий | 9 дней назад | |
| RLSA-2026:0423 Important: libsoup3 security update | 0% Низкий | 25 дней назад | |
| RLSA-2026:0422 Important: libsoup security update | 0% Низкий | 25 дней назад | |
| RLSA-2026:0421 Important: libsoup security update | 0% Низкий | 26 дней назад | |
| GHSA-4qpp-gxm3-h9vw A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers. | CVSS3: 8.2 | 0% Низкий | около 2 месяцев назад |
| ELSA-2026-0423 ELSA-2026-0423: libsoup3 security update (IMPORTANT) | 28 дней назад | ||
| ELSA-2026-0422 ELSA-2026-0422: libsoup security update (IMPORTANT) | 28 дней назад | ||
| ELSA-2026-0421 ELSA-2026-0421: libsoup security update (IMPORTANT) | 28 дней назад | ||
| SUSE-SU-2026:0258-1 Security update for libsoup2 | 17 дней назад | ||
| SUSE-SU-2026:0253-1 Security update for libsoup2 | 17 дней назад | ||
| SUSE-SU-2026:0257-1 Security update for libsoup | 17 дней назад | ||
| SUSE-SU-2026:0211-1 Security update for libsoup | 18 дней назад |
Уязвимостей на страницу