Описание
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-0164
- https://bugzilla.redhat.com/show_bug.cgi?id=490597
- http://bugs.gentoo.org/show_bug.cgi?id=263070
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/35074
- http://security.gentoo.org/glsa/glsa-200904-20.xml
- http://support.apple.com/kb/HT3549
- http://wiki.rpath.com/Advisories:rPSA-2009-0061
- http://www.cups.org/articles.php?L582
- http://www.cups.org/str.php?L3118
- http://www.securityfocus.com/archive/1/502750/100/0/threaded
- http://www.securityfocus.com/bid/34665
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
Связанные уязвимости
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
The web interface for CUPS before 1.3.10 does not validate the HTTP Ho ...
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации