CVE-2008-5184 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-5184 PUBLISHED CVSS 10 CRITICAL

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

EPSS 0.29% · 51.7th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

0.29%

51.7th percentile

Affected Products

Vendor	Product	Versions
apple	cups	1.3.6, 0, 1.1
n/a	n/a	n/a

Timeline

Nov 21, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

[oss-security] 20081119 CVE request: CUPS DoS via RSS subscriptions mailing-list
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/ url
http://www.cups.org/str.php?L2774 url
SUSE-SR:2008:026 vendor-advisory
MDVSA-2009:028 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2008-5184 advisory
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups url

Open in Interactive Console →