CVE-2005-2874: Software Products Cups vulnerability

7 documents, 7 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 1.4% (top 19.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 13
Latest update: May 1

Description

The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: apple/cups < 1.1.23-1+3
NVD: easy_software_products/cups, 45 versions +44

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-r8x3-vmcc-9q2g: The is_path_absolute function in scheduler/client (2022-05-01)
OSV: CVE-2005-2874: The is_path_absolute function in scheduler/client (2005-09-13)
CVEList: CVE-2005-2874: The is_path_absolute function in scheduler/client (2005-09-13)

📋 Vendor Advisories (2)

Red Hat: security flaw (2005-01-07)
Debian: CVE-2005-2874: cups - The is_path_absolute function in scheduler/client.c for the daemon in CUPS befor... (2005)

💬 Community (1)

Bugzilla: CVE-2005-2874 security flaw (2018-08-16)