fkie_cve-2008-5184
Vulnerability from fkie_nvd
Published
2008-11-21 02:30
Modified
2025-04-09 00:30
Severity ?
Summary
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8DB5A3-0C79-4D3D-BF78-7448D527B670",
"versionEndIncluding": "1.3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D89E03-94D0-4F7F-9A54-3021E3E5A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298D6BE7-7683-4225-8DD6-4C0FC5EB48BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "230B77E7-B1AE-4470-859D-7B5F99749D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FECBBD-B1A2-4F42-8A68-32AB8331BDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6070FC-4566-4314-940E-0AAE34B56E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC691F07-8B38-4867-AB18-51F380CAEA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E943EFBF-39A7-408F-8AC5-677E83DFDBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA7725A-4398-4C76-BEBF-10E56C7F34F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7415295-0FBF-4946-8D99-8CB2EC391319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C702EE3-4B7C-42EA-92AA-8717807CF67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
"matchCriteriaId": "73F74581-D71C-4FEC-BA8C-85EF4C1991BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCFB52-33D3-428C-B1D5-DCE504170A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45F03F2B-6AC3-4872-9032-293C2E9B837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02B6FB-C36D-45F3-95F3-566CA03B29A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "96093309-A87D-48D0-84DA-446255ABF231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF67F149-614B-4507-A15F-E557A1B73423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A14432-D8A1-4D19-9408-B9B4F2FC6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
"matchCriteriaId": "49862F77-B8DE-4AA7-AE17-B348B05AC00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7719F-03E0-4E66-A50A-F8E857A9B6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F3139FDA-9476-4414-B349-7119E63FD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "523FE78C-441F-4ACD-B9F2-3E5293E277AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F887B5B1-7528-4086-AE6C-134F54A93342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6D24ED-0D73-4CF2-B746-6EF29F2EF56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C5C552-6276-4791-80CD-6B3EB425EF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8335D4E3-563D-4288-B708-A9635BCA595F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5279D055-248A-4BD1-9FBB-0024BA16DF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF791C1D-9AF8-4F0F-8F4B-844BC9A55DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "16519855-FCB9-44A8-9C7E-116192327BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1D9330B-C51A-4C7D-A322-85103C64D86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2DA0C19F-95EB-429C-AF06-A2C1D5643662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "225CCE80-FF4B-4B39-B8BD-EB4710047524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "07925DD8-50C0-4908-95D1-7342A4617BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "48A519DB-6C6D-4094-814D-33BD5EF389BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B6ED7566-5092-4B08-97A9-B2B53117A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98DCAC0C-896F-4353-A665-5BCD0D8AEBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E72614CD-8F70-4E07-AD83-8FDE8026CEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
"matchCriteriaId": "48E62419-C165-4B42-8C23-E24821BD4BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
"matchCriteriaId": "217D804B-CA56-49CE-B9EB-2A297EB1763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
"matchCriteriaId": "A41E8583-C837-4871-B4D2-FD41C78D538E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "D480C37B-0DA8-4096-80B0-5198FE589A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74F5A83B-3C1A-49F3-A9D6-F7B9B897E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
"matchCriteriaId": "241D4183-879D-4974-BACB-A6987EDA2E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "96592A93-4967-4B91-BCF7-558DC472E7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8758715D-B973-4960-8B7D-6F9A11E73288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0370E9EB-B830-4362-B83C-912579695691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EC6EE-720D-4F27-A2E1-88AE53FC41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D644926A-C2A5-45FE-85A3-2782CE87ED86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "AFB34629-DB13-4164-8A18-BD818E50528B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*",
"matchCriteriaId": "2D432471-B5FD-4B1D-82DF-6F3152752071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "960DE41E-63DB-45EB-9B19-6349BDA05086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A57D2299-3409-4907-9FC0-5C3C715CDB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C7EB92FA-3669-4530-BE69-84CF01D98FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0696E675-0A13-45FC-8917-845E6FF7A311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAC98C-1FE6-42A3-8B62-E3C321914F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3EF2F-0140-4185-9FB3-2B595B61CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C36785A-F735-45C0-986B-9624AD65F0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1D3916-607F-44E8-9D47-93C6C0789083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "174613C3-A04B-4701-849B-BAA598BF4F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "81C1137C-BE3D-45F9-83C9-D212107F0E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBC1F81-E93A-42A7-8BC8-4B903688F2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA876FF-C58A-45CF-A8E8-E2068DF79421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD78771-BD9A-4AC2-B664-B189DD288FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A16424-732F-4B76-A753-1642A97BC1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E189C976-2DD2-485C-828E-7FC3DC6A8F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A86CA90F-A944-4F3E-B75F-8147125335D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*",
"matchCriteriaId": "690C4DEC-1467-4D7D-8E73-6EE1758439D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FB5CA96B-411E-47BE-81A1-1C2E240A25F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA5A29C9-1913-4B8F-B162-66E71BEABD1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAFABDC-E40F-4C53-AC66-94EFD077665D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A2F7B3-F4A7-416E-A07F-D4C5F0768B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C1B80-9E20-4832-8308-BF7911569EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2D7DB3-F467-4BC0-83BB-4706D067A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD33C2C-7D39-4CCE-AC99-BC7B1B205A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46C394DC-65A7-4713-B823-6F5D329A0C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9F74F-3C7D-486A-8BA1-EE2A73160B39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions."
},
{
"lang": "es",
"value": "La interfaz web (cgi-bin/admin.c) en CUPS antes de v1.3.8 utiliza un nombre de usuario de invitado cuando un usuario no esta conectado al servidor web, lo cual facilita a atacantes remotos evitar la pol\u00edtica y conducir un ataque CSRF a trav\u00e9s de las funciones (1) add y (2) cancel suscripciones RSS."
}
],
"id": "CVE-2008-5184",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-21T02:30:00.467",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.cups.org/str.php?L2774"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit"
],
"url": "http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/"
},
{
"source": "security@ubuntu.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"
},
{
"source": "security@ubuntu.com",
"url": "http://www.openwall.com/lists/oss-security/2008/11/19/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cups.org/str.php?L2774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/11/19/3"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5. Versions shipped do not support RSS subscriptions.",
"lastModified": "2008-12-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…