Computer Security
[EN] securityvulns.ru no-pyccku


CUPS security vulnerabilities
Published:14.06.2015
Source:
SecurityVulns ID:14537
Type:library
Threat Level:
6/10
Description:Code execution, crossite scripting.
Affected:CUPS : cups 2.0
CVE:CVE-2015-1159 (Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.)
 CVE-2015-1158 (The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.)
Original documentdocumentUBUNTU, [USN-2629-1] CUPS vulnerabilities (14.06.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod