CVE-2009-0164

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 24 April 2009

Summary

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

References

https://bugzilla.redhat.com/show_bug.cgi?id=490597

x_refsource_CONFIRM

http://security.gentoo.org/glsa/glsa-200904-20.xml

vendor-advisoryx_refsource_GENTOO

http://www.cups.org/str.php?L3118

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 24, 2009
Vulnerability Reserved
Jan 16, 2009