CVE-2009-0164

Опубликовано: 24 апр. 2009

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

Версия до 1.3.9 (включая)

cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.0445

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2009-0164

ubuntu

больше 16 лет назад

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

CVE-2009-0164

redhat

больше 16 лет назад

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

CVE-2009-0164

debian

больше 16 лет назад

The web interface for CUPS before 1.3.10 does not validate the HTTP Ho ...

GHSA-x338-9gp2-578v

github

больше 3 лет назад

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

BDU:2015-09375

fstec

больше 16 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 89%

0.0445

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-20