An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack.
Note:
This CVE has been split from CVE-2024-4712.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/ |
History
Thu, 26 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 26 Sep 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712. | |
Title | Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack | |
Weaknesses | CWE-77 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: PaperCut
Published: 2024-09-26T01:36:26.364Z
Updated: 2024-09-26T15:02:10.145Z
Reserved: 2024-09-04T05:55:45.849Z
Link: CVE-2024-8405
Vulnrichment
Updated: 2024-09-26T15:02:05.465Z
NVD
Status : Awaiting Analysis
Published: 2024-09-26T02:15:03.007
Modified: 2024-09-26T13:32:02.803
Link: CVE-2024-8405
Redhat
No data.