Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2856

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2856
Last Modified 13 May 2015 10:00:34
Published 18 Apr 2014 10:55:26
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2856

Summary

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

Vulnerable Systems

Application

  • Apple Cups 1.1

  • Apple Cups 1.1.1

  • Apple Cups 1.1.10

  • Apple Cups 1.1.10-1

  • Apple Cups 1.1.11

  • Apple Cups 1.1.12

  • Apple Cups 1.1.13

  • Apple Cups 1.1.14

  • Apple Cups 1.1.15

  • Apple Cups 1.1.16

  • Apple Cups 1.1.17

  • Apple Cups 1.1.18

  • Apple Cups 1.1.19

  • Apple Cups 1.1.2

  • Apple Cups 1.1.20

  • Apple Cups 1.1.21

  • Apple Cups 1.1.22

  • Apple Cups 1.1.23

  • Apple Cups 1.1.3

  • Apple Cups 1.1.4

  • Apple Cups 1.1.5

  • Apple Cups 1.1.5-1

  • Apple Cups 1.1.5-2

  • Apple Cups 1.1.6

  • Apple Cups 1.1.6-1

  • Apple Cups 1.1.6-2

  • Apple Cups 1.1.6-3

  • Apple Cups 1.1.7

  • Apple Cups 1.1.8

  • Apple Cups 1.1.9

  • Apple Cups 1.1.9-1

  • Apple Cups 1.2

  • Apple Cups 1.2.0

  • Apple Cups 1.2.1

  • Apple Cups 1.2.10

  • Apple Cups 1.2.11

  • Apple Cups 1.2.12

  • Apple Cups 1.2.2

  • Apple Cups 1.2.3

  • Apple Cups 1.2.4

  • Apple Cups 1.2.5

  • Apple Cups 1.2.6

  • Apple Cups 1.2.7

  • Apple Cups 1.2.8

  • Apple Cups 1.2.9

  • Apple Cups 1.3

  • Apple Cups 1.3.0

  • Apple Cups 1.3.1

  • Apple Cups 1.3.10

  • Apple Cups 1.3.11

  • Apple Cups 1.3.2

  • Apple Cups 1.3.3

  • Apple Cups 1.3.4

  • Apple Cups 1.3.5

  • Apple Cups 1.3.6

  • Apple Cups 1.3.7

  • Apple Cups 1.3.8

  • Apple Cups 1.3.9

  • Apple Cups 1.4

  • Apple Cups 1.4.0

  • Apple Cups 1.4.1

  • Apple Cups 1.4.2

  • Apple Cups 1.4.3

  • Apple Cups 1.4.4

  • Apple Cups 1.4.5

  • Apple Cups 1.4.6

  • Apple Cups 1.4.7

  • Apple Cups 1.4.8

  • Apple Cups 1.5

  • Apple Cups 1.5.0

  • Apple Cups 1.5.1

  • Apple Cups 1.5.2

  • Apple Cups 1.5.3

  • Apple Cups 1.5.4

  • Apple Cups 1.6

  • Apple Cups 1.6.1

  • Apple Cups 1.6.2

  • Apple Cups 1.6.3

  • Apple Cups 1.6.4

  • Apple Cups 1.7

  • Apple Cups 1.7.0

  • Apple Cups 1.7.1


References

MLIST - [oss-security] 20140415 Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2

MLIST - [oss-security] 20140414 CVE request: cross-site scripting issue fixed in CUPS 1.7.2

CONFIRM - http://www.cups.org/str.php?L4356

CONFIRM - http://www.cups.org/documentation.php/relnotes.html

SECUNIA - 57880

REDHAT - RHSA-2014:1388

MANDRIVA - MDVSA-2015:108

CONFIRM - http://advisories.mageia.org/MGASA-2014-0193.html

BID - 66788


Last Updated: 27 May 2016 11:05:02