Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-438
HistoryOct 28, 2014 - 5:17 p.m.

Medium: cups

2014-10-2817:17:00
alas.aws.amazon.com
13

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.2%

JSON

Issue Overview:

A cross-site scripting (XSS) flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. (CVE-2014-2856)

It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the ‘lp’ group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)

Affected Packages:

cups

Issue Correction:
Run yum update cups to update your system.

New Packages:

i686:  
    cups-libs-1.4.2-67.20.al12.i686  
    cups-lpd-1.4.2-67.20.al12.i686  
    cups-devel-1.4.2-67.20.al12.i686  
    cups-php-1.4.2-67.20.al12.i686  
    cups-1.4.2-67.20.al12.i686  
    cups-debuginfo-1.4.2-67.20.al12.i686  
  
src:  
    cups-1.4.2-67.20.al12.src  
  
x86_64:  
    cups-lpd-1.4.2-67.20.al12.x86_64  
    cups-devel-1.4.2-67.20.al12.x86_64  
    cups-libs-1.4.2-67.20.al12.x86_64  
    cups-debuginfo-1.4.2-67.20.al12.x86_64  
    cups-1.4.2-67.20.al12.x86_64  
    cups-php-1.4.2-67.20.al12.x86_64

Additional References

Red Hat: CVE-2014-2856, CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031

Mitre: CVE-2014-2856, CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031

OSVersionArchitecturePackageVersionFilename
Amazon Linuxanyi686cups-libs< 1.4.2-67.20.al12cups-libs-1.4.2-67.20.al12.i686.rpm
Amazon Linuxanyi686cups-lpd< 1.4.2-67.20.al12cups-lpd-1.4.2-67.20.al12.i686.rpm
Amazon Linuxanyi686cups-devel< 1.4.2-67.20.al12cups-devel-1.4.2-67.20.al12.i686.rpm
Amazon Linuxanyi686cups-php< 1.4.2-67.20.al12cups-php-1.4.2-67.20.al12.i686.rpm
Amazon Linuxanyi686cups< 1.4.2-67.20.al12cups-1.4.2-67.20.al12.i686.rpm
Amazon Linuxanyi686cups-debuginfo< 1.4.2-67.20.al12cups-debuginfo-1.4.2-67.20.al12.i686.rpm
Amazon Linuxanyx86_64cups-lpd< 1.4.2-67.20.al12cups-lpd-1.4.2-67.20.al12.x86_64.rpm
Amazon Linuxanyx86_64cups-devel< 1.4.2-67.20.al12cups-devel-1.4.2-67.20.al12.x86_64.rpm
Amazon Linuxanyx86_64cups-libs< 1.4.2-67.20.al12cups-libs-1.4.2-67.20.al12.x86_64.rpm
Amazon Linuxanyx86_64cups-debuginfo< 1.4.2-67.20.al12cups-debuginfo-1.4.2-67.20.al12.x86_64.rpm
Rows per page:
1-10 of 121

Related

nessus 26
openvas 25
oraclelinux 1
redhat 1
centos 1
securityvulns 7
osv 1
fedora 6
debian 3
mageia 2
ubuntu 3
debiancve 5
cve 5
prion 5
veracode 5
ubuntucve 5
checkpoint_advisories 2
nessus
nessus
RHEL 6 : cups (RHSA-2014:1388)
2014-10-14 00:00:00
Oracle Linux 6 : cups (ELSA-2014-1388)
2014-10-17 00:00:00
CentOS 6 : cups (CESA-2014:1388)
2014-11-12 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-1388)
2015-10-06 00:00:00
RedHat Update for cups RHSA-2014:1388-02
2014-10-15 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-438)
2015-09-08 00:00:00
oraclelinux
oraclelinux
cups security and bug fix update
2014-10-15 00:00:00
redhat
redhat
(RHSA-2014:1388) Moderate: cups security and bug fix update
2014-10-14 00:00:00
centos
centos
cups security update
2014-10-20 18:08:35
securityvulns
securityvulns
CUPS unauthorized files access
2014-07-28 00:00:00
[SECURITY] [DSA 2990-1] cups security update
2014-07-28 00:00:00
CUPS crossite scripting
2014-05-04 00:00:00
osv
osv
cups - security update
2014-07-31 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: cups-1.7.4-3.fc20
2014-07-30 21:57:02
[SECURITY] Fedora 19 Update: cups-1.6.4-10.fc19
2014-10-03 03:57:17
[SECURITY] Fedora 20 Update: cups-1.7.5-12.fc20
2015-02-20 08:33:22
debian
debian
[SECURITY] [DSA 2990-1] cups security update
2014-07-27 14:18:27
[DLA-0022-1] cups security update
2014-07-31 07:57:21
[SECURITY] [DSA 2990-1] cups security update
2014-07-27 14:18:46
mageia
mageia
Updated cups packages fix security vulnerability
2014-08-06 00:08:48
Updated cups packages fix CVE-2014-2856
2014-04-24 23:10:04
ubuntu
ubuntu
CUPS vulnerabilities
2014-09-08 00:00:00
CUPS vulnerability
2014-07-21 00:00:00
CUPS vulnerability
2014-04-24 00:00:00
debiancve
debiancve
CVE-2014-5029
2014-07-29 14:55:00
CVE-2014-5030
2014-07-29 14:55:00
CVE-2014-5031
2014-07-29 14:55:00
cve
cve
CVE-2014-5029
2014-07-29 14:55:00
CVE-2014-5030
2014-07-29 14:55:00
CVE-2014-5031
2014-07-29 14:55:00
prion
prion
Code injection
2014-07-29 14:55:00
Design/Logic Flaw
2014-07-23 14:55:00
Code injection
2014-07-29 14:55:00
veracode
veracode
Information Disclosure
2019-05-02 05:12:22
Information Disclosure
2019-05-02 05:12:22
Information Disclosure
2019-05-02 05:12:22
ubuntucve
ubuntucve
CVE-2014-5029
2014-07-29 00:00:00
CVE-2014-5030
2014-07-29 00:00:00
CVE-2014-5031
2014-07-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple CUPS Web Interface URL Handling Cross-Site Scripting (CVE-2014-2856)
2014-06-19 00:00:00
Apple CUPS Web Interface URL Handling Cross-Site Scripting - ver 2 (CVE-2014-2856; CVE-2015-1159)
2016-02-07 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.2%

JSON
Related for ALAS-2014-438
nessus26openvas25oraclelinux1redhat1centos1securityvulns7osv1fedora6debian3mageia2ubuntu3debiancve5cve5prion5veracode5ubuntucve5checkpoint_advisories2