CVE-2008-5184

Exploit

EPSS 0.29%
Veröffentlicht 21.11.2008 02:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle security@ubuntu.com
Teams Watchlist Login
Unerledigt Login

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Cups Version <= 1.3.7

Apple ≫ Cups Version1.1

Apple ≫ Cups Version1.1.1

Apple ≫ Cups Version1.1.2

Apple ≫ Cups Version1.1.3

Apple ≫ Cups Version1.1.4

Apple ≫ Cups Version1.1.5

Apple ≫ Cups Version1.1.5-1

Apple ≫ Cups Version1.1.5-2

Apple ≫ Cups Version1.1.6

Apple ≫ Cups Version1.1.6-1

Apple ≫ Cups Version1.1.6-2

Apple ≫ Cups Version1.1.6-3

Apple ≫ Cups Version1.1.7

Apple ≫ Cups Version1.1.8

Apple ≫ Cups Version1.1.9

Apple ≫ Cups Version1.1.9-1

Apple ≫ Cups Version1.1.10

Apple ≫ Cups Version1.1.10-1

Apple ≫ Cups Version1.1.11

Apple ≫ Cups Version1.1.12

Apple ≫ Cups Version1.1.13

Apple ≫ Cups Version1.1.14

Apple ≫ Cups Version1.1.15

Apple ≫ Cups Version1.1.16

Apple ≫ Cups Version1.1.17

Apple ≫ Cups Version1.1.18

Apple ≫ Cups Version1.1.19

Apple ≫ Cups Version1.1.19 Updaterc1

Apple ≫ Cups Version1.1.19 Updaterc2

Apple ≫ Cups Version1.1.19 Updaterc3

Apple ≫ Cups Version1.1.19 Updaterc4

Apple ≫ Cups Version1.1.19 Updaterc5

Apple ≫ Cups Version1.1.20

Apple ≫ Cups Version1.1.20 Updaterc1

Apple ≫ Cups Version1.1.20 Updaterc2

Apple ≫ Cups Version1.1.20 Updaterc3

Apple ≫ Cups Version1.1.20 Updaterc4

Apple ≫ Cups Version1.1.20 Updaterc5

Apple ≫ Cups Version1.1.20 Updaterc6

Apple ≫ Cups Version1.1.21

Apple ≫ Cups Version1.1.21 Updaterc1

Apple ≫ Cups Version1.1.21 Updaterc2

Apple ≫ Cups Version1.1.22

Apple ≫ Cups Version1.1.22 Updaterc1

Apple ≫ Cups Version1.1.22 Updaterc2

Apple ≫ Cups Version1.1.23

Apple ≫ Cups Version1.1.23 Updaterc1

Apple ≫ Cups Version1.2 Updateb1

Apple ≫ Cups Version1.2 Updateb2

Apple ≫ Cups Version1.2 Updaterc1

Apple ≫ Cups Version1.2 Updaterc2

Apple ≫ Cups Version1.2 Updaterc3

Apple ≫ Cups Version1.2.0

Apple ≫ Cups Version1.2.1

Apple ≫ Cups Version1.2.2

Apple ≫ Cups Version1.2.3

Apple ≫ Cups Version1.2.4

Apple ≫ Cups Version1.2.5

Apple ≫ Cups Version1.2.6

Apple ≫ Cups Version1.2.7

Apple ≫ Cups Version1.2.8

Apple ≫ Cups Version1.2.9

Apple ≫ Cups Version1.2.10

Apple ≫ Cups Version1.2.11

Apple ≫ Cups Version1.2.12

Apple ≫ Cups Version1.3 Updateb1

Apple ≫ Cups Version1.3 Updaterc1

Apple ≫ Cups Version1.3 Updaterc2

Apple ≫ Cups Version1.3.0

Apple ≫ Cups Version1.3.1

Apple ≫ Cups Version1.3.2

Apple ≫ Cups Version1.3.3

Apple ≫ Cups Version1.3.4

Apple ≫ Cups Version1.3.5

Apple ≫ Cups Version1.3.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.491

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/

Exploit

http://www.mandriva.com/security/advisories?name=MDVSA-2009:028

http://www.openwall.com/lists/oss-security/2008/11/19/3

http://www.cups.org/str.php?L2774

https://nvd.nist.gov/vuln/detail/CVE-2008-5184

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5184

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5184

EUVD