CVE-2014-4338
cups-filters < 1.0.52 - Unauthenticated Access Control Bypass via Malformed BrowseAllow Directive
Title source: llmDescription
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
References (6)
Core 6
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1795.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68124
Third Party Advisory x_refsource_confirm
https://bugs.linuxfoundation.org/show_bug.cgi?id=1204
Permissions Required third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62044
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2014/04/25/7
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2014/06/19/12
Scores
EPSS
0.0039
EPSS Percentile
60.5%
Details
CWE
CWE-264
Status
published
Products (1)
linuxfoundation/cups-filters
< 1.0.52
Published
Jun 22, 2014
Tracked Since
Feb 18, 2026