Lucene search
Ubuntu.comUB:CVE-2008-5184HistoryNov 21, 2008 - 12:00 a.m.
CVE-2008-5184
2008-11-2100:00:00
ubuntu.com
ubuntu.com
13
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.013 Low
EPSS
Percentile
85.5%
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest
username when a user is not logged on to the web server, which makes it
easier for remote attackers to bypass intended policy and conduct CSRF
attacks via the (1) add and (2) cancel RSS subscription functions.
Notes
| Author | Note |
|---|---|
| mdeslaur | Only 1.3.x has rss subscriptions, so dapper is not vulnerable |
Related
debiancve
debiancve
CVE-2008-5184
2008-11-21 02:30:00
CVE-2008-5183
2008-11-21 02:30:00
prion
prion
Cross site request forgery (csrf)
2008-11-21 02:30:00
Null pointer dereference
2008-11-21 02:30:00
cve
cve
CVE-2008-5184
2008-11-21 02:30:00
CVE-2008-5183
2008-11-21 02:30:00
nessus
nessus
openSUSE Security Update : cups (cups-322)
2009-07-21 00:00:00
openSUSE Security Update : cups (cups-356)
2009-07-21 00:00:00
Mandriva Linux Security Advisory : cups (MDVSA-2009:028)
2009-04-23 00:00:00
openvas
openvas
CUPS < 1.3.8 DoS Vulnerability
2008-11-26 00:00:00
FreeBSD Ports: cups-base
2008-12-03 00:00:00
FreeBSD Ports: cups-base
2008-12-03 00:00:00
ubuntucve
ubuntucve
CVE-2008-5183
2008-11-21 00:00:00
securityvulns
securityvulns
CUPS integer overflow
2008-12-03 00:00:00
ubuntu
ubuntu
CUPS vulnerabilities
2009-01-12 00:00:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.013 Low
EPSS
Percentile
85.5%
Related for UB:CVE-2008-5184