CUPS Web Interface Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with CUPS and is prone to cross site scripting vulnerability

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to version 1.7.2, or higher, For updates refer to http://www.cups.org/software.php

Insight

Flaws is due to is_path_absolute() function does not validate input via URL path before returning it to users.

Affected

Common Unix Printing System (CUPS) version before 1.7.2

Detection

Send a crafted data via HTTP GET request and check whether it is able to get domain or not.

References

http://osvdb.org/105715
http://secunia.com/advisories/57880/
http://www.cups.org/str.php?L4356
http://www.openwall.com/lists/oss-security/2014/04/14/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-2856
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

A Really Simple Chat Multiple XSS Vulnerabilities
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
Apache Struts Directory Traversal Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability

Take action and discover your vulnerabilities