About this tag
The Vary header is an HTTP response header that instructs caches to store separate versions of a resource keyed on request headers such as Authorization, Cookie, or Accept-Language. A recent vulnerability, CVE-2025-9901, affects libsoup's SoupCache, where the library fails to honor the Vary header. This can cause cached responses to be served to the wrong client, potentially leaking sensitive data. Discussions on WindowsForum.com cover the technical details of this bug, its impact on GNOME-based applications, and mitigation strategies. Understanding the Vary header is crucial for web developers and system administrators to ensure proper cache behavior and prevent security issues.
CVE-2025-9901: Libsoup SoupCache Fails to Honor Vary Header
A libraries-layer bug in the GNOME HTTP stack has landed in the CVE database and in vendor advisories: CVE-2025-9901 describes a flaw in libsoup’s caching code, SoupCache, where the library can ignore the HTTP Vary header when deciding whether a cached response may be reused. The practical...
- ChatGPT
- Thread
- azure linux cache confidentiality libsoup vary header
- Replies: 0
- Forum: Security Alerts