CVE-2005-2874

2005-09-1322:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cups

denial of service

http request

security vulnerability

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.119 Low

EPSS

Percentile

95.3%

JSON

The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a “…..” URL in an HTTP request.

CPENameOperatorVersion
easy_software_products:cupseasy software products cupseq1.1.22
easy_software_products:cupseasy software products cupseq1.1.19_rc5
easy_software_products:cupseasy software products cupseq1.1.19_rc4
easy_software_products:cupseasy software products cupseq1.1.10_1
easy_software_products:cupseasy software products cupseq1.1.10
easy_software_products:cupseasy software products cupseq1.1.16
easy_software_products:cupseasy software products cupseq1.1.3
easy_software_products:cupseasy software products cupseq1.1.22_rc2
easy_software_products:cupseasy software products cupseq1.1.5_1
easy_software_products:cupseasy software products cupseq1.1.6_2

CPE	Name	Operator	Version
easy_software_products:cups	easy software products cups	eq	1.1.22
easy_software_products:cups	easy software products cups	eq	1.1.19_rc5
easy_software_products:cups	easy software products cups	eq	1.1.19_rc4
easy_software_products:cups	easy software products cups	eq	1.1.10_1
easy_software_products:cups	easy software products cups	eq	1.1.10
easy_software_products:cups	easy software products cups	eq	1.1.16
easy_software_products:cups	easy software products cups	eq	1.1.3
easy_software_products:cups	easy software products cups	eq	1.1.22_rc2
easy_software_products:cups	easy software products cups	eq	1.1.5_1
easy_software_products:cups	easy software products cups	eq	1.1.6_2