CUPS Web Interface Vulnerability in Apple and Linux Systems
CVE-2009-0164

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 24 April 2009

Summary

The web interface for the Common Unix Printing System (CUPS) prior to version 1.3.10 is susceptible to manipulation of HTTP Host headers. This vulnerability can be exploited by remote attackers to perform DNS rebinding attacks, which may allow unauthorized manipulation of the printing services on affected systems. The absence of proper validation enables attackers to redirect requests, potentially gaining access to sensitive information or compromising the integrity of the print jobs.

References

https://bugzilla.redhat.com/show_bug.cgi?id=490597

x_refsource_CONFIRM

http://security.gentoo.org/glsa/glsa-200904-20.xml

vendor-advisoryx_refsource_GENTOO

http://www.cups.org/str.php?L3118

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 24, 2009
Vulnerability Reserved
Jan 16, 2009