Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2009-2820
HistoryNov 10, 2009 - 7:00 p.m.

CVE-2009-2820

2009-11-1019:00:00
mitre
raw.githubusercontent.com
1

4.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the productโ€™s web interface, (b) the configuration of the print system, and ยฉ the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.

Related

openvas 30
prion 1
seebug 4
nessus 16
cve 1
debiancve 1
ubuntu 1
debian 1
veracode 1
ubuntucve 1
exploitdb 1
oraclelinux 1
centos 1
redhat 1
fedora 4
openvas
openvas
SLES11: Security update for CUPS
2009-11-17 00:00:00
Debian Security Advisory DSA 1933-1 (cups)
2009-11-17 00:00:00
Debian: Security Advisory (DSA-1933-1)
2009-11-17 00:00:00
prion
prion
Cross site scripting
2009-11-10 19:30:00
seebug
seebug
CUPS vulnerability
2009-11-11 00:00:00
CUPS kerberosๅ‚ๆ•ฐ่ทจ็ซ™่„šๆœฌๆผๆดž
2009-11-18 00:00:00
New cups packages fix cross-site scripting
2009-11-11 00:00:00
nessus
nessus
Fedora 10 : cups-1.3.11-2.fc10 (2009-11062)
2009-12-02 00:00:00
Debian DSA-1933-1 : cups - missing input sanitising
2010-02-24 00:00:00
SuSE 11 Security Update : CUPS (SAT Patch Number 1504)
2009-11-12 00:00:00
cve
cve
CVE-2009-2820
2009-11-10 19:30:00
debiancve
debiancve
CVE-2009-2820
2009-11-10 19:30:00
ubuntu
ubuntu
CUPS vulnerability
2009-11-10 00:00:00
debian
debian
[SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting
2009-11-10 02:41:44
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:39:44
ubuntucve
ubuntucve
CVE-2009-2820
2009-11-09 00:00:00
exploitdb
exploitdb
CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability
2009-11-09 00:00:00
oraclelinux
oraclelinux
cups security update
2009-11-18 00:00:00
centos
centos
cups security update
2009-11-24 16:44:53
redhat
redhat
(RHSA-2009:1595) Moderate: cups security update
2009-11-18 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: cups-1.4.2-7.fc12
2009-12-01 04:34:10
[SECURITY] Fedora 10 Update: cups-1.3.11-2.fc10
2009-12-02 04:49:04
[SECURITY] Fedora 11 Update: cups-1.4.2-7.fc11
2009-12-01 04:19:25

4.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON
Related for CVELIST:CVE-2009-2820
openvas30prion1seebug4nessus16cve1debiancve1ubuntu1debian1veracode1ubuntucve1exploitdb1oraclelinux1centos1redhat1fedora4