Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2009-2820
HistoryNov 10, 2009 - 7:30 p.m.

CVE-2009-2820

2009-11-1019:30:01
CWE-79
mitre
web.nvd.nist.gov
57
cups
web interface
xss attacks
http response splitting attacks
cve-2009-2820
security vulnerability
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.009

Percentile

82.7%

JSON

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product’s web interface, (b) the configuration of the print system, and © the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.

Affected configurations

Nvd
Node
applemac_os_xRange10.6.1
OR
applemac_os_xMatch10.0
OR
applemac_os_xMatch10.0.0
OR
applemac_os_xMatch10.0.1
OR
applemac_os_xMatch10.0.2
OR
applemac_os_xMatch10.0.3
OR
applemac_os_xMatch10.0.4
OR
applemac_os_xMatch10.1
OR
applemac_os_xMatch10.1.0
OR
applemac_os_xMatch10.1.1
OR
applemac_os_xMatch10.1.2
OR
applemac_os_xMatch10.1.3
OR
applemac_os_xMatch10.1.4
OR
applemac_os_xMatch10.1.5
OR
applemac_os_xMatch10.2
OR
applemac_os_xMatch10.2.0
OR
applemac_os_xMatch10.2.1
OR
applemac_os_xMatch10.2.2
OR
applemac_os_xMatch10.2.3
OR
applemac_os_xMatch10.2.4
OR
applemac_os_xMatch10.2.5
OR
applemac_os_xMatch10.2.6
OR
applemac_os_xMatch10.2.7
OR
applemac_os_xMatch10.2.8
OR
applemac_os_xMatch10.3
OR
applemac_os_xMatch10.3.0
OR
applemac_os_xMatch10.3.1
OR
applemac_os_xMatch10.3.2
OR
applemac_os_xMatch10.3.3
OR
applemac_os_xMatch10.3.4
OR
applemac_os_xMatch10.3.5
OR
applemac_os_xMatch10.3.6
OR
applemac_os_xMatch10.3.7
OR
applemac_os_xMatch10.3.8
OR
applemac_os_xMatch10.3.9
OR
applemac_os_xMatch10.4
OR
applemac_os_xMatch10.4.0
OR
applemac_os_xMatch10.4.1
OR
applemac_os_xMatch10.4.2
OR
applemac_os_xMatch10.4.3
OR
applemac_os_xMatch10.4.4
OR
applemac_os_xMatch10.4.5
OR
applemac_os_xMatch10.4.6
OR
applemac_os_xMatch10.4.7
OR
applemac_os_xMatch10.4.8
OR
applemac_os_xMatch10.4.9
OR
applemac_os_xMatch10.4.10
OR
applemac_os_xMatch10.4.11
OR
applemac_os_xMatch10.5
OR
applemac_os_xMatch10.5.0
OR
applemac_os_xMatch10.5.1
OR
applemac_os_xMatch10.5.2
OR
applemac_os_xMatch10.5.3
OR
applemac_os_xMatch10.5.4
OR
applemac_os_xMatch10.5.5
OR
applemac_os_xMatch10.5.6
OR
applemac_os_xMatch10.5.7
OR
applemac_os_xMatch10.5.8
OR
applemac_os_xMatch10.6
Node
applemac_os_x_serverRange10.6.1
OR
applemac_os_x_serverMatch10.0
OR
applemac_os_x_serverMatch10.0.0
OR
applemac_os_x_serverMatch10.0.1
OR
applemac_os_x_serverMatch10.0.2
OR
applemac_os_x_serverMatch10.0.3
OR
applemac_os_x_serverMatch10.0.4
OR
applemac_os_x_serverMatch10.1
OR
applemac_os_x_serverMatch10.1.0
OR
applemac_os_x_serverMatch10.1.1
OR
applemac_os_x_serverMatch10.1.2
OR
applemac_os_x_serverMatch10.1.3
OR
applemac_os_x_serverMatch10.1.4
OR
applemac_os_x_serverMatch10.1.5
OR
applemac_os_x_serverMatch10.2
OR
applemac_os_x_serverMatch10.2.0
OR
applemac_os_x_serverMatch10.2.1
OR
applemac_os_x_serverMatch10.2.2
OR
applemac_os_x_serverMatch10.2.3
OR
applemac_os_x_serverMatch10.2.4
OR
applemac_os_x_serverMatch10.2.5
OR
applemac_os_x_serverMatch10.2.6
OR
applemac_os_x_serverMatch10.2.7
OR
applemac_os_x_serverMatch10.2.8
OR
applemac_os_x_serverMatch10.3
OR
applemac_os_x_serverMatch10.3.0
OR
applemac_os_x_serverMatch10.3.1
OR
applemac_os_x_serverMatch10.3.2
OR
applemac_os_x_serverMatch10.3.3
OR
applemac_os_x_serverMatch10.3.4
OR
applemac_os_x_serverMatch10.3.5
OR
applemac_os_x_serverMatch10.3.6
OR
applemac_os_x_serverMatch10.3.7
OR
applemac_os_x_serverMatch10.3.8
OR
applemac_os_x_serverMatch10.3.9
OR
applemac_os_x_serverMatch10.4
OR
applemac_os_x_serverMatch10.4.0
OR
applemac_os_x_serverMatch10.4.1
OR
applemac_os_x_serverMatch10.4.2
OR
applemac_os_x_serverMatch10.4.3
OR
applemac_os_x_serverMatch10.4.4
OR
applemac_os_x_serverMatch10.4.5
OR
applemac_os_x_serverMatch10.4.6
OR
applemac_os_x_serverMatch10.4.7
OR
applemac_os_x_serverMatch10.4.8
OR
applemac_os_x_serverMatch10.4.9
OR
applemac_os_x_serverMatch10.4.10
OR
applemac_os_x_serverMatch10.4.11
OR
applemac_os_x_serverMatch10.5
OR
applemac_os_x_serverMatch10.5.0
OR
applemac_os_x_serverMatch10.5.1
OR
applemac_os_x_serverMatch10.5.2
OR
applemac_os_x_serverMatch10.5.3
OR
applemac_os_x_serverMatch10.5.4
OR
applemac_os_x_serverMatch10.5.5
OR
applemac_os_x_serverMatch10.5.6
OR
applemac_os_x_serverMatch10.5.7
OR
applemac_os_x_serverMatch10.5.8
OR
applemac_os_x_serverMatch10.6
VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applemac_os_x10.0cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
applemac_os_x10.0.0cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*
applemac_os_x10.0.1cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
applemac_os_x10.0.2cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
applemac_os_x10.0.3cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
applemac_os_x10.0.4cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
applemac_os_x10.1cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
applemac_os_x10.1.0cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
applemac_os_x10.1.1cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 1181

Related

debian 1
seebug 4
nessus 16
openvas 30
nvd 1
debiancve 1
ubuntu 1
prion 1
ubuntucve 1
veracode 1
exploitdb 2
cvelist 1
centos 1
oraclelinux 1
redhat 1
fedora 4
debian
debian
[SECURITY] [DSA 1933-1] New cups packages fix cross-site scripting
2009-11-10 02:41:26
seebug
seebug
CUPS kerberos参数跨站脚本漏洞
2009-11-18 00:00:00
CUPS vulnerability
2009-11-11 00:00:00
New cups packages fix cross-site scripting
2009-11-11 00:00:00
nessus
nessus
CUPS < 1.4.2 kerberos Parameter XSS
2009-11-11 00:00:00
SuSE 11 Security Update : CUPS (SAT Patch Number 1504)
2009-11-12 00:00:00
Debian DSA-1933-1 : cups - missing input sanitising
2010-02-24 00:00:00
openvas
openvas
CUPS 'kerberos' Parameter XSS Vulnerability
2009-11-13 00:00:00
SLES11: Security update for CUPS
2009-11-17 00:00:00
Debian Security Advisory DSA 1933-1 (cups)
2009-11-17 00:00:00
nvd
nvd
CVE-2009-2820
2009-11-10 19:30:01
debiancve
debiancve
CVE-2009-2820
2009-11-10 19:30:01
ubuntu
ubuntu
CUPS vulnerability
2009-11-10 00:00:00
prion
prion
Cross site scripting
2009-11-10 19:30:00
ubuntucve
ubuntucve
CVE-2009-2820
2009-11-09 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:39:44
exploitdb
exploitdb
CUPS - &#039;kerberos&#039; Cross-Site Scripting
2009-11-11 00:00:00
CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability
2009-11-09 00:00:00
cvelist
cvelist
CVE-2009-2820
2009-11-10 19:00:00
centos
centos
cups security update
2009-11-24 16:44:53
oraclelinux
oraclelinux
cups security update
2009-11-18 00:00:00
redhat
redhat
(RHSA-2009:1595) Moderate: cups security update
2009-11-18 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: cups-1.4.2-7.fc12
2009-12-01 04:34:10
[SECURITY] Fedora 10 Update: cups-1.3.11-2.fc10
2009-12-02 04:49:04
[SECURITY] Fedora 11 Update: cups-1.4.2-7.fc11
2009-12-01 04:19:25

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.009

Percentile

82.7%

JSON
Related for CVE-2009-2820
debian1seebug4nessus16openvas30nvd1debiancve1ubuntu1prion1ubuntucve1veracode1exploitdb2cvelist1centos1oraclelinux1redhat1fedora4