Description
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Aaron Sigel · textremotemultiple
https://www.exploit-db.com/exploits/10001
References (15)
Core 15
Core References
Various Sources x_refsource_confirm
http://www.cups.org/str.php?L3367
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021115.1-1
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1595.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:072
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36956
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37308
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=529833
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37360
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9153
Various Sources x_refsource_confirm
http://www.cups.org/documentation.php/relnotes.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3184
Various Sources x_refsource_confirm
http://www.cups.org/articles.php?L590
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3937
Scores
EPSS
0.0199
EPSS Percentile
83.7%
Details
CWE
CWE-79
Status
published
Products (50)
apple/mac_os_x
10.0
apple/mac_os_x
10.0.0
apple/mac_os_x
10.0.1
apple/mac_os_x
10.0.2
apple/mac_os_x
10.0.3
apple/mac_os_x
10.0.4
apple/mac_os_x
10.1
apple/mac_os_x
10.1.0
apple/mac_os_x
10.1.1
apple/mac_os_x
10.1.2
... and 40 more
Published
Nov 10, 2009
Tracked Since
Feb 18, 2026