Lucene search
HistoryJun 22, 2010 - 8:30 p.m.
CVE-2010-2432
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
8.3
Confidence
High
EPSS
0.006
Percentile
78.4%
The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.
Affected configurations
Node
applecupsRange≤1.4.3
ORapplecupsMatch1.1
ORapplecupsMatch1.1.1
ORapplecupsMatch1.1.2
ORapplecupsMatch1.1.3
ORapplecupsMatch1.1.4
ORapplecupsMatch1.1.5
ORapplecupsMatch1.1.5-1
ORapplecupsMatch1.1.5-2
ORapplecupsMatch1.1.6
ORapplecupsMatch1.1.6-1
ORapplecupsMatch1.1.6-2
ORapplecupsMatch1.1.6-3
ORapplecupsMatch1.1.7
ORapplecupsMatch1.1.8
ORapplecupsMatch1.1.9
ORapplecupsMatch1.1.9-1
ORapplecupsMatch1.1.10
ORapplecupsMatch1.1.10-1
ORapplecupsMatch1.1.11
ORapplecupsMatch1.1.12
ORapplecupsMatch1.1.13
ORapplecupsMatch1.1.14
ORapplecupsMatch1.1.15
ORapplecupsMatch1.1.16
ORapplecupsMatch1.1.17
ORapplecupsMatch1.1.18
ORapplecupsMatch1.1.19
ORapplecupsMatch1.1.19rc1
ORapplecupsMatch1.1.19rc2
ORapplecupsMatch1.1.19rc3
ORapplecupsMatch1.1.19rc4
ORapplecupsMatch1.1.19rc5
ORapplecupsMatch1.1.20
ORapplecupsMatch1.1.20rc1
ORapplecupsMatch1.1.20rc2
ORapplecupsMatch1.1.20rc3
ORapplecupsMatch1.1.20rc4
ORapplecupsMatch1.1.20rc5
ORapplecupsMatch1.1.20rc6
ORapplecupsMatch1.1.21
ORapplecupsMatch1.1.21rc1
ORapplecupsMatch1.1.21rc2
ORapplecupsMatch1.1.22
ORapplecupsMatch1.1.22rc1
ORapplecupsMatch1.1.22rc2
ORapplecupsMatch1.1.23
ORapplecupsMatch1.1.23rc1
ORapplecupsMatch1.2b1
ORapplecupsMatch1.2b2
ORapplecupsMatch1.2rc1
ORapplecupsMatch1.2rc2
ORapplecupsMatch1.2rc3
ORapplecupsMatch1.2.0
ORapplecupsMatch1.2.1
ORapplecupsMatch1.2.2
ORapplecupsMatch1.2.3
ORapplecupsMatch1.2.4
ORapplecupsMatch1.2.5
ORapplecupsMatch1.2.6
ORapplecupsMatch1.2.7
ORapplecupsMatch1.2.8
ORapplecupsMatch1.2.9
ORapplecupsMatch1.2.10
ORapplecupsMatch1.2.11
ORapplecupsMatch1.2.12
ORapplecupsMatch1.3b1
ORapplecupsMatch1.3rc1
ORapplecupsMatch1.3rc2
ORapplecupsMatch1.3.0
ORapplecupsMatch1.3.1
ORapplecupsMatch1.3.2
ORapplecupsMatch1.3.3
ORapplecupsMatch1.3.4
ORapplecupsMatch1.3.5
ORapplecupsMatch1.3.6
ORapplecupsMatch1.3.7
ORapplecupsMatch1.3.8
ORapplecupsMatch1.3.9
ORapplecupsMatch1.3.10
ORapplecupsMatch1.3.11
ORapplecupsMatch1.4.0
ORapplecupsMatch1.4.1
ORapplecupsMatch1.4.2
Related
cve
cve
CVE-2010-2432
2010-06-22 20:30:01
cvelist
cvelist
CVE-2010-2432
2010-06-22 20:24:00
debiancve
debiancve
CVE-2010-2432
2010-06-22 20:30:01
prion
prion
Authorization
2010-06-22 20:30:00
ubuntucve
ubuntucve
CVE-2010-2432
2010-06-22 00:00:00
openvas
openvas
CUPS < 1.4.4 Multiple DoS and Privilege Escalation Vulnerabilities
2010-06-21 00:00:00
Mandriva Update for cups MDVSA-2011:146 (cups)
2011-10-14 00:00:00
Mandriva Update for cups MDVSA-2011:146 (cups)
2011-10-14 00:00:00
nessus
nessus
SuSE 11.1 Security Update : CUPS (SAT Patch Number 5180)
2011-12-13 00:00:00
Mandriva Linux Security Advisory : cups (MDVSA-2011:146)
2011-10-11 00:00:00
CUPS < 1.4.4 Multiple Vulnerabilities
2010-07-08 00:00:00
osv
osv
cups - several
2011-03-02 00:00:00
debian
debian
[SECURITY] [DSA 2176-1] cups security update
2011-03-01 23:31:10
gentoo
gentoo
CUPS: Multiple vulnerabilities
2012-07-09 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
8.3
Confidence
High
EPSS
0.006
Percentile
78.4%
Related for NVD:CVE-2010-2432