CVE-2008-5184
published 2008-11-21CVE-2008-5184: The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for…
critical10CVSS 3.1
AVNACLAuNCCICAC
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
Affected
70 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | <= 1.3.7 | — |
| apple | cups | <= 1.3.9 | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
| apple | cups | — | — |
CVSS provenance
nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv10.0CRITICAL