CVE-2008-5184

Published: 21/11/2008 Updated: 29/01/2009
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The web interface (cgi-bin/admin.c) in CUPS prior to 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote malicious users to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

Vulnerable Products

apple cups 1.1.10-1

apple cups 1.1.1

apple cups 1.1.10

apple cups 1.1.19

apple cups 1.1.2

apple cups 1.1.20

apple cups 1.1.21

apple cups 1.1.5-2

apple cups 1.1.3

apple cups 1.1.8

apple cups 1.1.7

apple cups 1.2.10

apple cups 1.2.11

apple cups 1.2

apple cups 1.3.3

apple cups 1.3.6

apple cups 1.1.15

apple cups 1.1.12

apple cups 1.1.23

apple cups 1.1.22

apple cups 1.1.4

apple cups 1.1.5

apple cups 1.2.1

apple cups 1.2.0

apple cups 1.2.12

apple cups 1.2.5

apple cups 1.3

apple cups 1.1

apple cups 1.1.13

apple cups 1.1.18

apple cups 1.1.17

apple cups 1.1.5-1

apple cups 1.1.6-3

apple cups 1.1.6-2

apple cups 1.2.7

apple cups 1.2.8

apple cups 1.2.2

apple cups 1.2.9

apple cups 1.3.1

apple cups 1.3.2

apple cups

apple cups 1.1.11

apple cups 1.1.14

apple cups 1.1.16

apple cups 1.1.9

apple cups 1.1.9-1

apple cups 1.1.6

apple cups 1.1.6-1

apple cups 1.2.6

apple cups 1.2.4

apple cups 1.2.3

apple cups 1.3.0

apple cups 1.3.4

apple cups 1.3.5

Vendor Advisories

Debian Bug report logs - #506180 CVE-2008-5183: daemon crashes when adding more than 100 subscriptions. Package: cups; Maintainer for cups is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups is src:cups (PTS, buildd, popcon). Reported by: Raphael Geissert <atomo64@gmail.com>. Date: Wed, 19 Nov 20 ...
It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10 (CVE-2008-5183) ...