CVE-2014-2856

Опубликовано: 18 апр. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

Версия до 1.7.1 (включая)

cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4:b2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4:b3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.5:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.5:b2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.6:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.6:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.7.1:b1:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.01035

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2014-2856

ubuntu

больше 11 лет назад

CVE-2014-2856

redhat

больше 11 лет назад

CVE-2014-2856

debian

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Comm ...

GHSA-5rr9-vfp7-m4m5

github

больше 3 лет назад

ELSA-2014-1388

oracle-oval

почти 11 лет назад

ELSA-2014-1388: cups security and bug fix update (MODERATE)

EPSS

Процентиль: 76%

0.01035

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79