CVE-2014-3537

CWE-5912 documents8 sources

Severity

1.2LOW

EPSS

0.1%

top 83.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Canonical Ubuntu Linux Fedoraproject Fedora

Timeline

PublishedJul 23

Latest updateMay 17

Description

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages2 packages

▶Debiancups< 1.7.4-1+3

▶NVDapple/cups1.7.3+4

Also affects: Fedora 20, Ubuntu Linux 10.04, 12.04, 14.04

🔴Vulnerability Details

GHSA

GHSA-5cfv-xhm7-9f3x: The web interface in CUPS before 1↗2022-05-17

▶

CVEList

CVE-2014-3537: The web interface in CUPS before 1↗2014-07-23

▶

OSV

CVE-2014-3537: The web interface in CUPS before 1↗2014-07-23

▶

📋Vendor Advisories

Red Hat

cups: Incomplete fix for CVE-2014-3537↗2014-07-22

▶

Ubuntu

CUPS vulnerability↗2014-07-21

▶

Red Hat

cups: insufficient checking leads to privilege escalation↗2014-07-14

▶

Debian

CVE-2014-3537: cups - The web interface in CUPS before 1.7.4 allows local users in the lp group to rea...↗2014

▶

💬Community

Bugzilla

CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 cups: Incomplete fix for CVE-2014-3537 [fedora-all]↗2014-07-23

▶

Bugzilla

CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537↗2014-07-23

▶

Bugzilla

CVE-2014-3537 cups: insufficient checking leads to privilege escalation [fedora-all]↗2014-07-14

▶

Bugzilla

CVE-2014-3537 cups: insufficient checking leads to privilege escalation↗2014-07-02

▶