Описание
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.7.5-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.7.2-0ubuntu1.2]] |
| lucid | released | 1.4.3-1ubuntu1.13 |
| precise | released | 1.5.3-0ubuntu8.5 |
| trusty | released | 1.7.2-0ubuntu1.2 |
| trusty/esm | DNE | trusty was released [1.7.2-0ubuntu1.2] |
| upstream | released | 1.7.4-5 |
Показывать по
EPSS
1.5 Low
CVSS2
Связанные уязвимости
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
The web interface in CUPS 1.7.4 allows local users in the lp group to ...
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
EPSS
1.5 Low
CVSS2