Lucene search

K

[email protected]CVE-2015-1159

HistoryJun 26, 2015 - 10:59 a.m.

CVE-2015-1159

2015-06-2610:59:00

CWE-79

[email protected]

web.nvd.nist.gov

64

cve-2015-1159

cross-site scripting

xss

cgi_puts function

template engine

cups

nvd

4.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.854 High

EPSS

Percentile

98.5%

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

CPENameOperatorVersion
cups:cupscupsle2.0.2

References

googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10702

lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html

rhn.redhat.com/errata/RHSA-2015-1123.html

www.cups.org/blog.php?L1082

www.debian.org/security/2015/dsa-3283

www.kb.cert.org/vuls/id/810572

www.securityfocus.com/bid/75106

www.securitytracker.com/id/1032556

www.ubuntu.com/usn/USN-2629-1

bugzilla.opensuse.org/show_bug.cgi?id=924208

bugzilla.redhat.com/show_bug.cgi?id=1221642

code.google.com/p/google-security-research/issues/detail?id=455

security.gentoo.org/glsa/201510-07

www.cups.org/str.php?L4609

4.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.854 High

EPSS

Percentile

98.5%