libsoup Vary Header Caching Vulnerability Leading to Information Disclosure

Vulnerability

A vulnerability exists in the libsoup HTTP library's caching mechanism, SoupCache, where the HTTP Vary header is disregarded when assessing cached responses. This header is crucial for ensuring that responses vary according to request headers like language or authentication. The absence of this check can lead to cached content being improperly reused across different requests, potentially revealing sensitive user information. While this flaw is unlikely to impact typical desktop usage, it could cause confidentiality issues in proxy or multi-user environments.

Impact

Exploitation of this vulnerability could result in the unintentional disclosure of sensitive or user-specific information, as cached responses containing confidential data might be served to the wrong users.

Added: Sep 3, 2025, 1:38 PM

Updated: Sep 3, 2025, 1:38 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

8.0

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

8.0

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libsoup Vary Header Caching Vulnerability Leading to Information Disclosure

Vulnerability

Impact

Affected Products

libsoup

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating