CVE-2005-2874

Published: Sep 13, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2005-908

vendor-advisory

x_refsource_FEDORA

http://www.cups.org/relnotes.php#010123

x_refsource_CONFIRM

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072

x_refsource_MISC

1012811

vdb-entry

x_refsource_SECTRACK

RHSA-2005:772

vendor-advisory

x_refsource_REDHAT

oval:org.mitre.oval:def:9774

vdb-entry

signature

x_refsource_OVAL

http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2005-2874

Description

Affected Products

References