CVE-2008-5184
Published: Nov 21, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| [oss-security] 20081119 CVE request: CUPS DoS via RSS subscriptions | mailing-list, x_refsource_MLIST |
| http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ | x_refsource_MISC |
| http://www.cups.org/str.php?L2774 | x_refsource_CONFIRM |
| SUSE-SR:2008:026 | vendor-advisory, x_refsource_SUSE |
| MDVSA-2009:028 | vendor-advisory, x_refsource_MANDRIVA |