CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
82.4%
According to its banner, the version of CUPS installed on the remote host is prior to version 1.7.2. It is, therefore, affected by a cross-site scripting vulnerability.
A flaw exists with the is_path_absolute function within the scheduler/client.cscript. This could allow a context-dependent attacker, with a specially crafted request, to execute arbitrary script code within the browser and server trust relationship.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(73734);
script_version("1.7");
script_cvs_date("Date: 2018/11/15 20:50:23");
script_cve_id("CVE-2014-2856");
script_bugtraq_id(66788);
script_name(english:"CUPS < 1.7.2 is_path_absolute Function XSS");
script_summary(english:"Checks CUPS server version");
script_set_attribute(attribute:"synopsis", value:
"The remote print service is affected by a cross-site scripting
vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of CUPS installed on the remote
host is prior to version 1.7.2. It is, therefore, affected by a
cross-site scripting vulnerability.
A flaw exists with the is_path_absolute function within the
scheduler/client.cscript. This could allow a context-dependent
attacker, with a specially crafted request, to execute arbitrary
script code within the browser and server trust relationship.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://www.cups.org/blog/2014-04-10-cups-1.7.2.html");
script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L4356");
script_set_attribute(attribute:"see_also", value:"http://www.cups.org/strfiles.php/3268/str4356.patch");
script_set_attribute(attribute:"solution", value:"Upgrade to CUPS version 1.7.2 or later, or apply the vendor patch.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/30");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/28");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:cups");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_dependencies("http_version.nasl", "cups_1_3_5.nasl");
script_require_keys("www/cups", "Settings/ParanoidReport");
script_require_ports("Services/www", 631);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:631, embedded:TRUE);
get_kb_item_or_exit("www/"+port+"/cups/running");
version = get_kb_item_or_exit("cups/"+port+"/version");
source = get_kb_item_or_exit("cups/"+port+"/source");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
if (version =~ "^(1|1\.7)($|[^0-9br.])") audit(AUDIT_VER_NOT_GRANULAR, "CUPS", port, version);
# Affected :
# < 1.7.2
if (
version =~ "^1\.[0-6]($|[^0-9.])" ||
version =~ "^1\.7\.[01]($|[^0-9.])" ||
version =~ "^1\.7(rc|b)"
)
{
set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
if (report_verbosity > 0)
{
report =
'\n Version source : ' + source +
'\n Installed version : ' + version +
'\n Fixed version : 1.7.2' +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "CUPS", port, version);