Description
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2008-5162 | The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. |
 Ubuntu USN |
USN-707-1 | CUPS vulnerabilities |
References
History
Wed, 28 May 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
Thu, 22 May 2025 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
MITRE
Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2024-08-07T10:40:17.249Z
Reserved: 2008-11-20T00:00:00.000Z
Link: CVE-2008-5184
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2008-11-21T02:30:00.467
Modified: 2025-04-09T00:30:58.490
Link: CVE-2008-5184
Redhat
OpenCVE Enrichment
No data.
Weaknesses