CVE-2014-5030

CWE-5912 documents8 sources

Severity

1.9LOW

EPSS

0.1%

top 83.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Canonical Ubuntu Linux

Timeline

PublishedJul 29

Latest updateMay 17

Description

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages2 packages

▶Debiancups< 1.7.4-2+3

▶NVDapple/cups1.7.4+5

Also affects: Ubuntu Linux 10.04, 12.04, 14.04

Patches

Patch: cups.org ↗Patch: cups.org ↗

🔴Vulnerability Details

GHSA

GHSA-f4q9-g8vj-q74x: CUPS before 2↗2022-05-17

▶

OSV

libdbi-perl vulnerabilities↗2022-02-03

▶

OSV

CVE-2014-5030: CUPS before 2↗2014-07-29

▶

CVEList

CVE-2014-5030: CUPS before 2↗2014-07-29

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2014-09-08

▶

Red Hat

cups: allows local users to read arbitrary files via a symlink attack↗2014-07-22

▶

Debian

CVE-2014-5030: cups - CUPS before 2.0 allows local users to read arbitrary files via a symlink attack ...↗2014

▶

💬Community

Bugzilla

CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack↗2014-08-11

▶

Bugzilla

CVE-2014-5030 cups: various flaws [fedora-all]↗2014-08-11

▶

Bugzilla

CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 cups: Incomplete fix for CVE-2014-3537 [fedora-all]↗2014-07-23

▶