vendor:
CUPS
by:
Adrian 'pagvac' Pastor
7.5
CVSS
HIGH
Denial of Service (DoS)
400
CWE
Product Name: CUPS
Affected Version From: 1.3.2007
Affected Version To: 1.3.2007
Patch Exists: NO
Related CWE: N/A
CPE: a:apple:cups:1.3.7
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 8.04.1, Linux 2.6.24-21-generic, openSUSE 11.0, Linux 2.6.25.5-1.1-default
2008
CUPS Denial of Service (DoS) Exploit
This exploit makes 101 CSRFed requests to the CUPS daemon via 'img' tags, causing the CUPS daemon to crash.
Mitigation:
Restrict access to the CUPS daemon to trusted users and networks.