CVE-2004-2154

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.21:-:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*

History

15 Feb 2024, 21:17

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-178
References () http://www.cups.org/str.php?L700 - Patch () http://www.cups.org/str.php?L700 - Broken Link, Patch
References () http://www.novell.com/linux/security/advisories/2005_18_sr.html - () http://www.novell.com/linux/security/advisories/2005_18_sr.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2005-571.html - () http://www.redhat.com/support/errata/RHSA-2005-571.html - Broken Link
References () http://www.ubuntu.com/usn/usn-185-1 - () http://www.ubuntu.com/usn/usn-185-1 - Third Party Advisory
References () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 - Vendor Advisory () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 - Issue Tracking, Vendor Advisory
References () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274 - () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274 - Issue Tracking
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940 - Broken Link
CVSS v2 : 7.5
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.21:-:*:*:*:*:*:*
First Time Apple
Apple cups
Canonical
Canonical ubuntu Linux

Information

Published : 2004-12-31 05:00

Updated : 2024-08-01 13:41


NVD link : CVE-2004-2154

Mitre link : CVE-2004-2154

CVE.ORG link : CVE-2004-2154


JSON object : View

Products Affected

apple

  • cups

canonical

  • ubuntu_linux
CWE
CWE-178

Improper Handling of Case Sensitivity