CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
82.7%
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product’s web interface, (b) the configuration of the print system, and © the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | mac_os_x | 10.0.0 | cpe:/o:apple:mac_os_x:10.0.0::: |
apple | mac_os_x | 10.3.5 | cpe:/o:apple:mac_os_x:10.3.5::: |
apple | mac_os_x | 10.4.4 | cpe:/o:apple:mac_os_x:10.4.4::: |
apple | mac_os_x | 10.1.4 | cpe:/o:apple:mac_os_x:10.1.4::: |
apple | mac_os_x | 10.3 | cpe:/o:apple:mac_os_x:10.3::: |
apple | mac_os_x | 10.2.8 | cpe:/o:apple:mac_os_x:10.2.8::: |
apple | mac_os_x | 10.4.7 | cpe:/o:apple:mac_os_x:10.4.7::: |
apple | mac_os_x | 10.5.7 | cpe:/o:apple:mac_os_x:10.5.7::: |
apple | mac_os_x | 10.1.3 | cpe:/o:apple:mac_os_x:10.1.3::: |
apple | mac_os_x | 10.4.2 | cpe:/o:apple:mac_os_x:10.4.2::: |
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
secunia.com/advisories/37308
secunia.com/advisories/37360
sunsolve.sun.com/search/document.do?assetkey=1-77-1021115.1-1
support.apple.com/kb/HT3937
www.cups.org/articles.php?L590
www.cups.org/documentation.php/relnotes.html
www.cups.org/str.php?L3367
www.mandriva.com/security/advisories?name=MDVSA-2010:072
www.mandriva.com/security/advisories?name=MDVSA-2010:073
www.redhat.com/support/errata/RHSA-2009-1595.html
www.securityfocus.com/bid/36956
www.vupen.com/english/advisories/2009/3184
bugzilla.redhat.com/show_bug.cgi?id=529833
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9153