{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "DSA-3419", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3419"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"}, {"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "USN-2838-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2838-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"}, {"name": "DSA-3429", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3429"}, {"name": "USN-2838-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2838-2"}, {"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"}, {"name": "RHSA-2016:0491", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2015-8560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3419", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3419"}, {"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419", "refsource": "CONFIRM", "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"}, {"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "USN-2838-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2838-1"}, {"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS", "refsource": "CONFIRM", "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"}, {"name": "DSA-3429", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3429"}, {"name": "USN-2838-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2838-2"}, {"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"}, {"name": "RHSA-2016:0491", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:20:43.214Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3419", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3419"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"}, {"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "USN-2838-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2838-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"}, {"name": "DSA-3429", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3429"}, {"name": "USN-2838-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2838-2"}, {"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"}, {"name": "RHSA-2016:0491", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8560", "datePublished": "2016-04-14T14:00:00", "dateReserved": "2015-12-14T00:00:00", "dateUpdated": "2024-08-06T08:20:43.214Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*", "matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "0FCA7078-EB66-4950-A42E-AFA1C4884BF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "F820B469-1F21-4E38-9632-3D909B115D51", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "B6AA59E3-7FCE-408F-9A24-1E4D451BB15C", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "3975A1BA-90A6-4E16-BA17-CFA62EDB017B", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "42C8E1B5-9C65-4067-8FC6-63E286C7C5DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "FD1F6317-6CC3-4B1B-8A2C-F131F20395FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "90A028CB-53C4-4FA0-AB46-7FA6A5621D19", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "BD5BDDFE-93CE-462E-B059-78AE7635491E", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "12FAE5EA-91B4-4E3C-863D-BAFA832BD7E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "ACA2135A-6BB7-4C44-94A9-61C3DAE3BFE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "C011CFB5-66CF-4E9F-987B-497AF7F7D89C", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "51BECA9A-9A4F-483D-B0F8-7EDF39653220", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "144ADD44-7A0D-41CD-B9DD-8B0D55B30AE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "3629070E-A703-42DC-92B5-192D1C4E965A", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "BBADA027-AC75-48C1-A374-52D22C916DD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*", "matchCriteriaId": "A860B37D-62CB-4421-8A7E-32E944D8BDF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*", "matchCriteriaId": "816C584C-B1BE-4EF6-B524-4438006BD2C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*", "matchCriteriaId": "1F3062CE-C2DC-4920-9C35-B793E0EE367C", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*", "matchCriteriaId": "60466538-FEDC-4B88-B6DC-344770D5BEEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "30C5B79D-E24E-4D10-BA02-9CFD87C77B58", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.71:*:*:*:*:*:*:*", "matchCriteriaId": "D32FAFD1-9E31-4D59-8B40-D6522566B85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.72:*:*:*:*:*:*:*", "matchCriteriaId": "0359678E-7979-47F8-9583-A988211EEC79", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.73:*:*:*:*:*:*:*", "matchCriteriaId": "A512A128-3906-4838-A932-29BA2C327957", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.74:*:*:*:*:*:*:*", "matchCriteriaId": "23D7612C-445C-45B1-8320-1086972CA0B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.75:*:*:*:*:*:*:*", "matchCriteriaId": "09E4C01C-B275-4092-AF25-803B219C4617", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.76:*:*:*:*:*:*:*", "matchCriteriaId": "8B4D6B65-32AB-4845-9C26-F47E5824D4C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE3913DB-A23C-42EB-B04C-464270C3C1F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7D6C5B9-C91B-4D2E-AFF0-77C2A552F277", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA32A4E7-3083-48C3-9131-534996094883", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0BD0822E-225D-4534-A6F7-D8E442432CA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D31E4828-5DF6-47E7-86AE-CD03259D1E37", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF3DD5E3-C304-4519-BE45-F20276E0DB7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1D5FB154-6600-4CE1-9811-5BC672D68991", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "01CE79DA-B5C3-4923-B941-95C4717C8BE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "307F7310-F34B-4CEC-B81B-33899006E882", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9D7CC46F-8875-4630-9B1A-278E94A2CD47", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "5CB351C4-66F2-4DAE-A34D-E5B2237F1887", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "9182A35A-C31C-4C8D-917A-C2B2231364AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "63EBEA36-790A-454D-B29F-996D0C0204FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "22E3EC4A-48AE-4039-974D-4D5BE0598A79", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "FCB8C32D-C84B-4D0D-A145-562904B94C61", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "66D52942-C9DA-46CF-B066-B2D569EAD5AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "F54BE2F2-226D-4EAE-BBE3-8B042E2B3914", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4CFE1F4C-3476-4C43-99E7-41846BAE6544", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "910858E2-1083-4F9F-827D-E0F8EBA6C1A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "CB713EAA-C0CB-464B-B9B4-40D9718B9106", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "6C285215-4125-44E4-A1EC-A2BA92F88251", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."}, {"lang": "es", "value": "Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.4.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un car\u00e1cter ; (punto y coma) en un trabajo de impresi\u00f3n, una vulnerabilidad diferente a CVE-2015-8327."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/184.html\">CWE-184: Incomplete Blacklist</a>", "id": "CVE-2015-8560", "lastModified": "2018-10-30T16:27:30.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-14T14:59:06.207", "references": [{"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"}, {"source": "security@debian.org", "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"}, {"source": "security@debian.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2015/dsa-3419"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2015/dsa-3429"}, {"source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"}, {"source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"}, {"source": "security@debian.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-2838-1"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-2838-2"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0491", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "foomatic-0:4.0.4-5.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-03-22T00:00:00Z"}], "bugzilla": {"description": "cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character", "id": "1291227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291227"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-77", "details": ["Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.", "It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands."], "name": "CVE-2015-8560", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "cups-filters", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "foomatic", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8560\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8560"], "threat_severity": "Moderate", "upstream_fix": "cups-filters 1.4.0"}