VDB
DEBIAN-CVE-2008-5184
DEBIAN-CVE-2008-5184
PUBLISHED
CVSS 5.099999904632568 MEDIUM
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
Risk Scores
CVSS v4.0
5.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | cups | 0, 0, 0 |
| Debian:13 | cups | 0, 0, 0 |
| Debian | cups | |
| Debian:12 | cups | 0, 0, 0 |
| Debian:11 | cups | 0, 0, 0 |
Timeline
- Nov 21, 2008 CVE Published
- Apr 28, 2026 CVE Updated