Cross-site Scripting Vulnerability in Common Unix Printing System (CUPS)
CVE-2014-2856

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 18 April 2014

What is CVE-2014-2856?

A cross-site scripting vulnerability exists in the Common Unix Printing System (CUPS) before version 1.7.2. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the URL path by exploiting the is_path_absolute function, potentially compromising the security of affected systems. Organizations relying on CUPS should upgrade to the latest version to mitigate this risk.

References

http://secunia.com/advisories/57880

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/66788

vdb-entryx_refsource_BID

http://www.ubuntu.com/usn/USN-2172-1

vendor-advisoryx_refsource_UBUNTU

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2014
Vulnerability Reserved
Apr 15, 2014

Apple

What is CVE-2014-2856?

References

Timeline