CVE-2009-0164

CWE-20 — Improper Input Validation7 documents7 sources

Severity

6.4MEDIUM

EPSS

4.2%

top 11.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups

Timeline

PublishedApr 24

Latest updateMay 2

Description

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶Debiancups< 1.3.10-1+3

▶NVDapple/cups1.3.9+55

Patches

Patch: www.cups.org ↗Patch: www.cups.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-x338-9gp2-578v: The web interface for CUPS before 1↗2022-05-02

▶

OSV

CVE-2009-0164: The web interface for CUPS before 1↗2009-04-24

▶

CVEList

CVE-2009-0164: The web interface for CUPS before 1↗2009-04-24

▶

📋Vendor Advisories

Red Hat

cups: insufficient checking of the HTTP Host: header↗2009-04-16

▶

Debian

CVE-2009-0164: cups - The web interface for CUPS before 1.3.10 does not validate the HTTP Host header ...↗2009

▶

💬Community

Bugzilla

CVE-2009-0164 cups: insufficient checking of the HTTP Host: header↗2009-03-17

▶