Описание
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.
Отчет
CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.
Меры по смягчению последствий
See the security bulletin for a detailed mitigation procedure.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | cups-browsed | Affected | ||
| Red Hat Enterprise Linux 7.7 Advanced Update Support | cups-filters | Fixed | RHSA-2024:7551 | 02.10.2024 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | cups-filters | Fixed | RHSA-2024:7553 | 02.10.2024 |
| Red Hat Enterprise Linux 8 | cups-filters | Fixed | RHSA-2024:7463 | 01.10.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | cups-filters | Fixed | RHSA-2024:7461 | 01.10.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | cups-filters | Fixed | RHSA-2024:7504 | 02.10.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | cups-filters | Fixed | RHSA-2024:7504 | 02.10.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | cups-filters | Fixed | RHSA-2024:7504 | 02.10.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | cups-filters | Fixed | RHSA-2024:7623 | 03.10.2024 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | cups-filters | Fixed | RHSA-2024:7623 | 03.10.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an ar ...
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
EPSS
7.5 High
CVSS3