F5SOL16794

HistoryJun 23, 2015 - 12:00 a.m.

Vulners
/
F5
/
SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159

SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159

2015-06-2300:00:00

support.f5.com

EPSS

0.918

Percentile

99.0%

JSON

CVE-2015-1158

A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allows the attacker to run arbitrary code on the CUPS server.

CVE-2015-1159

A cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web.

References

support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html

support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html

support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html

support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html

support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html

support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html

osv 3

nessus 21

openvas 21

securityvulns 2

debian 3

ubuntu 1

googleprojectzero 1

fedora 2

freebsd 1

f5 1

exploitdb 2

archlinux 1

packetstorm 2

gentoo 1

mageia 1

exploitpack 2

cert 1

zdt 2

veracode 2

oraclelinux 1

ibm 2

suse 4

centos 1

redhat 1

amazon 1

cvelist 2

cve 2

debiancve 2

nvd 2

ubuntucve 2

prion 2

checkpoint_advisories 3

slackware 1

osv

cups - security update

2015-06-09 00:00:00

cups - security update

2015-06-09 00:00:00

cups-2.1.3-2.3 on GA media

2024-06-15 00:00:00

nessus

Ubuntu 14.04 LTS : CUPS vulnerabilities (USN-2629-1)

2015-06-11 00:00:00

Debian DSA-3283-1 : cups - security update

2015-06-10 00:00:00

Fedora 21 : cups-1.7.5-17.fc21 (2015-9801)

2015-06-22 00:00:00

openvas

Debian: Security Advisory (DSA-3283-1)

2015-06-08 00:00:00

Ubuntu: Security Advisory (USN-2629-1)

2015-06-11 00:00:00

Debian: Security Advisory (DLA-239-1)

2023-03-08 00:00:00

securityvulns

[USN-2629-1] CUPS vulnerabilities

2015-06-14 00:00:00

CUPS security vulnerabilities

2015-06-14 00:00:00

debian

[SECURITY] [DSA 3283-1] cups security update

2015-06-09 20:24:48

[SECURITY] [DSA 3283-1] cups security update

2015-06-09 20:24:48

[SECURITY] [DLA 239-1] cups security update

2015-06-09 10:27:06

ubuntu

CUPS vulnerabilities

2015-06-10 00:00:00

googleprojectzero

Owning Internet Printing - A Case Study in Modern Software Exploitation

2015-06-19 00:00:00

fedora

[SECURITY] Fedora 22 Update: cups-2.0.3-1.fc22

2015-06-21 00:21:04

[SECURITY] Fedora 21 Update: cups-1.7.5-17.fc21

2015-06-21 00:36:00

freebsd

cups -- multiple vulnerabilities

2015-06-09 00:00:00

K16794 : CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159

2015-06-23 00:00:00

exploitdb

CUPS < 2.0.3 - Multiple Vulnerabilities

2015-06-22 00:00:00

CUPS < 2.0.3 - Remote Command Execution

2017-02-03 00:00:00

archlinux

cups: multiple issues

2015-06-10 00:00:00

packetstorm

CUPS XSS / String Handling / Improper Teardown

2015-06-22 00:00:00

CUPS Remote Code Execution

2017-02-03 00:00:00

gentoo

CUPS: Multiple vulnerabilities

2015-10-31 00:00:00

mageia

Updated cups package fixes security vulnerabilities

2015-06-19 16:33:05

exploitpack

CUPS 2.0.3 - Multiple Vulnerabilities

2015-06-22 00:00:00

CUPS 2.0.3 - Remote Command Execution

2017-02-03 00:00:00

cert

CUPS print service is vulnerable to privilege escalation and cross-site scripting

2015-06-09 00:00:00

zdt

CUPS 2.0.3 - Multiple Vulnerabilities

2015-06-23 00:00:00

CUPS 2.0.3 - Remote Command Execution Exploit

2017-02-03 00:00:00

veracode

Arbitrary Code Execution

2019-05-02 05:17:51

Denial Of Service (DoS)

2019-05-02 05:17:51

oraclelinux

cups security update

2015-06-17 00:00:00

ibm

Security Bulletin: PowerKVM is affected by cups vulnerabilities (multiple CVEs)

2018-06-18 01:28:42

Security Bulletin: Multiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-17 22:30:13

suse

Security update for cups154 (critical)

2015-06-11 20:06:22

Security update for cups (critical)

2015-06-12 21:05:05

Security update for cups (critical)

2015-06-11 17:05:04

centos

cups security update

2015-06-18 11:29:43

redhat

(RHSA-2015:1123) Important: cups security update

2015-06-17 00:00:00

amazon

Medium: cups

2015-07-07 12:34:00

cvelist

CVE-2015-1159

2015-06-26 10:00:00

CVE-2015-1158

2015-06-26 10:00:00

cve

CVE-2015-1159

2015-06-26 10:59:02

CVE-2015-1158

2015-06-26 10:59:00

debiancve

CVE-2015-1159

2015-06-26 10:59:02

CVE-2015-1158

2015-06-26 10:59:00

nvd

CVE-2015-1159

2015-06-26 10:59:02

CVE-2015-1158

2015-06-26 10:59:00

ubuntucve

CVE-2015-1159

2015-06-09 00:00:00

CVE-2015-1158

2015-06-09 00:00:00

prion

Cross site scripting

2015-06-26 10:59:00

Design/Logic Flaw

2015-06-26 10:59:00

checkpoint_advisories

Apple CUPS cupsd Privilege Escalation (CVE-2015-1158)

2015-07-05 00:00:00

Apple CUPS Web Interface URL Handling Cross-Site Scripting - ver 2 (CVE-2014-2856; CVE-2015-1159)

2016-02-07 00:00:00

Web Clients HTTP URL JavaScript Function Cross-Site Scripting (CVE-2015-1159; CVE-2015-6099; CVE-2015-6972; CVE-2017-0068)

2015-06-01 00:00:00

slackware

[slackware-security] cups

2015-07-08 00:00:21

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159

References

Related