製品・ソフトウェアに関する情報

JVN脆弱性詳細

CUPS の Web インターフェースにおけるクロスサイトリクエストフォージェリ攻撃を実行される脆弱性

Title	CUPS の Web インターフェースにおけるクロスサイトリクエストフォージェリ攻撃を実行される脆弱性
Summary	CUPS の Web インターフェース (cgi-bin/admin.c) は、ユーザが Web サーバにログオンしていない際、guest ユーザ名を使用するため、ポリシを回避され、クロスサイトリクエストフォージェリ攻撃を実行される脆弱性が存在します。
Possible impacts	第三者により、(1) add および (2) cancel RSS サブスクリプション関数を介して、ポリシを回避され、クロスサイトリクエストフォージェリ攻撃を実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 20, 2008, midnight
Registration Date	June 26, 2012, 4:03 p.m.
Last Update	June 26, 2012, 4:03 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

アップル

CUPS 1.3.8 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-5184	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5184
National Vulnerability Database (NVD)
2	CVE-2008-5184	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5184

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-255	https://jvndb.jvn.jp/ja/cwe/CWE-255.html

ベンダー情報

No	Name	URL
Apple
1	Top Page	http://www.apple.com/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-5184

Summary	The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
Publication Date	Nov. 21, 2008, 11:30 a.m.
Registration Date	Jan. 29, 2021, 1:45 p.m.
Last Update	Jan. 29, 2009, 3:58 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apple:cups:1.1:::::::*
cpe:2.3:a:apple:cups:1.1.1:::::::*
cpe:2.3:a:apple:cups:1.1.2:::::::*
cpe:2.3:a:apple:cups:1.1.3:::::::*
cpe:2.3:a:apple:cups:1.1.4:::::::*
cpe:2.3:a:apple:cups:1.1.5:::::::*
cpe:2.3:a:apple:cups:1.1.5-1:::::::*
cpe:2.3:a:apple:cups:1.1.5-2:::::::*
cpe:2.3:a:apple:cups:1.1.6:::::::*
cpe:2.3:a:apple:cups:1.1.6-1:::::::*
cpe:2.3:a:apple:cups:1.1.6-2:::::::*
cpe:2.3:a:apple:cups:1.1.6-3:::::::*
cpe:2.3:a:apple:cups:1.1.7:::::::*
cpe:2.3:a:apple:cups:1.1.8:::::::*
cpe:2.3:a:apple:cups:1.1.9:::::::*
cpe:2.3:a:apple:cups:1.1.9-1:::::::*
cpe:2.3:a:apple:cups:1.1.10:::::::*
cpe:2.3:a:apple:cups:1.1.10-1:::::::*
cpe:2.3:a:apple:cups:1.1.11:::::::*
cpe:2.3:a:apple:cups:1.1.12:::::::*
cpe:2.3:a:apple:cups:1.1.13:::::::*
cpe:2.3:a:apple:cups:1.1.14:::::::*
cpe:2.3:a:apple:cups:1.1.15:::::::*
cpe:2.3:a:apple:cups:1.1.16:::::::*
cpe:2.3:a:apple:cups:1.1.17:::::::*
cpe:2.3:a:apple:cups:1.1.18:::::::*
cpe:2.3:a:apple:cups:1.1.19:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc1::::::
cpe:2.3:a:apple:cups:1.1.19:rc2::::::
cpe:2.3:a:apple:cups:1.1.19:rc3::::::
cpe:2.3:a:apple:cups:1.1.19:rc4::::::
cpe:2.3:a:apple:cups:1.1.19:rc5::::::
cpe:2.3:a:apple:cups:1.1.20:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc1::::::
cpe:2.3:a:apple:cups:1.1.20:rc2::::::
cpe:2.3:a:apple:cups:1.1.20:rc3::::::
cpe:2.3:a:apple:cups:1.1.20:rc4::::::
cpe:2.3:a:apple:cups:1.1.20:rc5::::::
cpe:2.3:a:apple:cups:1.1.20:rc6::::::
cpe:2.3:a:apple:cups:1.1.21:::::::*
cpe:2.3:a:apple:cups:1.1.21:rc1::::::
cpe:2.3:a:apple:cups:1.1.21:rc2::::::
cpe:2.3:a:apple:cups:1.1.22:::::::*
cpe:2.3:a:apple:cups:1.1.22:rc1::::::
cpe:2.3:a:apple:cups:1.1.22:rc2::::::
cpe:2.3:a:apple:cups:1.1.23:::::::*
cpe:2.3:a:apple:cups:1.1.23:rc1::::::
cpe:2.3:a:apple:cups:1.2:b1::::::
cpe:2.3:a:apple:cups:1.2:b2::::::
cpe:2.3:a:apple:cups:1.2:rc1::::::
cpe:2.3:a:apple:cups:1.2:rc2::::::
cpe:2.3:a:apple:cups:1.2:rc3::::::
cpe:2.3:a:apple:cups:1.2.0:::::::*
cpe:2.3:a:apple:cups:1.2.1:::::::*
cpe:2.3:a:apple:cups:1.2.2:::::::*
cpe:2.3:a:apple:cups:1.2.3:::::::*
cpe:2.3:a:apple:cups:1.2.4:::::::*
cpe:2.3:a:apple:cups:1.2.5:::::::*
cpe:2.3:a:apple:cups:1.2.6:::::::*
cpe:2.3:a:apple:cups:1.2.7:::::::*
cpe:2.3:a:apple:cups:1.2.8:::::::*
cpe:2.3:a:apple:cups:1.2.9:::::::*
cpe:2.3:a:apple:cups:1.2.10:::::::*
cpe:2.3:a:apple:cups:1.2.11:::::::*
cpe:2.3:a:apple:cups:1.2.12:::::::*
cpe:2.3:a:apple:cups:1.3:b1::::::
cpe:2.3:a:apple:cups:1.3:rc1::::::
cpe:2.3:a:apple:cups:1.3:rc2::::::
cpe:2.3:a:apple:cups:1.3.0:::::::*
cpe:2.3:a:apple:cups:1.3.1:::::::*
cpe:2.3:a:apple:cups:1.3.2:::::::*
cpe:2.3:a:apple:cups:1.3.3:::::::*
cpe:2.3:a:apple:cups:1.3.4:::::::*
cpe:2.3:a:apple:cups:1.3.5:::::::*
cpe:2.3:a:apple:cups:1.3.6:::::::*
cpe:2.3:a:apple:cups::::::::		1.3.7

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html	SUSE
2	http://www.cups.org/str.php?L2774	CONFIRM
3	http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/	MISC	Exploit
4	http://www.mandriva.com/security/advisories?name=MDVSA-2009:028	MANDRIVA
5	http://www.openwall.com/lists/oss-security/2008/11/19/3	MLIST

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-255	証明書・パスワード管理	https://cwe.mitre.org/data/definitions/255.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apple:cups:1.1:::::::*
cpe:2.3:a:apple:cups:1.1.1:::::::*
cpe:2.3:a:apple:cups:1.1.2:::::::*
cpe:2.3:a:apple:cups:1.1.3:::::::*
cpe:2.3:a:apple:cups:1.1.4:::::::*
cpe:2.3:a:apple:cups:1.1.5:::::::*
cpe:2.3:a:apple:cups:1.1.5-1:::::::*
cpe:2.3:a:apple:cups:1.1.5-2:::::::*
cpe:2.3:a:apple:cups:1.1.6:::::::*
cpe:2.3:a:apple:cups:1.1.6-1:::::::*
cpe:2.3:a:apple:cups:1.1.6-2:::::::*
cpe:2.3:a:apple:cups:1.1.6-3:::::::*
cpe:2.3:a:apple:cups:1.1.7:::::::*
cpe:2.3:a:apple:cups:1.1.8:::::::*
cpe:2.3:a:apple:cups:1.1.9:::::::*
cpe:2.3:a:apple:cups:1.1.9-1:::::::*
cpe:2.3:a:apple:cups:1.1.10:::::::*
cpe:2.3:a:apple:cups:1.1.10-1:::::::*
cpe:2.3:a:apple:cups:1.1.11:::::::*
cpe:2.3:a:apple:cups:1.1.12:::::::*
cpe:2.3:a:apple:cups:1.1.13:::::::*
cpe:2.3:a:apple:cups:1.1.14:::::::*
cpe:2.3:a:apple:cups:1.1.15:::::::*
cpe:2.3:a:apple:cups:1.1.16:::::::*
cpe:2.3:a:apple:cups:1.1.17:::::::*
cpe:2.3:a:apple:cups:1.1.18:::::::*
cpe:2.3:a:apple:cups:1.1.19:::::::*
cpe:2.3:a:apple:cups:1.1.19:rc1::::::
cpe:2.3:a:apple:cups:1.1.19:rc2::::::
cpe:2.3:a:apple:cups:1.1.19:rc3::::::
cpe:2.3:a:apple:cups:1.1.19:rc4::::::
cpe:2.3:a:apple:cups:1.1.19:rc5::::::
cpe:2.3:a:apple:cups:1.1.20:::::::*
cpe:2.3:a:apple:cups:1.1.20:rc1::::::
cpe:2.3:a:apple:cups:1.1.20:rc2::::::
cpe:2.3:a:apple:cups:1.1.20:rc3::::::
cpe:2.3:a:apple:cups:1.1.20:rc4::::::
cpe:2.3:a:apple:cups:1.1.20:rc5::::::
cpe:2.3:a:apple:cups:1.1.20:rc6::::::
cpe:2.3:a:apple:cups:1.1.21:::::::*
cpe:2.3:a:apple:cups:1.1.21:rc1::::::
cpe:2.3:a:apple:cups:1.1.21:rc2::::::
cpe:2.3:a:apple:cups:1.1.22:::::::*
cpe:2.3:a:apple:cups:1.1.22:rc1::::::
cpe:2.3:a:apple:cups:1.1.22:rc2::::::
cpe:2.3:a:apple:cups:1.1.23:::::::*
cpe:2.3:a:apple:cups:1.1.23:rc1::::::
cpe:2.3:a:apple:cups:1.2:b1::::::
cpe:2.3:a:apple:cups:1.2:b2::::::
cpe:2.3:a:apple:cups:1.2:rc1::::::
cpe:2.3:a:apple:cups:1.2:rc2::::::
cpe:2.3:a:apple:cups:1.2:rc3::::::
cpe:2.3:a:apple:cups:1.2.0:::::::*
cpe:2.3:a:apple:cups:1.2.1:::::::*
cpe:2.3:a:apple:cups:1.2.2:::::::*
cpe:2.3:a:apple:cups:1.2.3:::::::*
cpe:2.3:a:apple:cups:1.2.4:::::::*
cpe:2.3:a:apple:cups:1.2.5:::::::*
cpe:2.3:a:apple:cups:1.2.6:::::::*
cpe:2.3:a:apple:cups:1.2.7:::::::*
cpe:2.3:a:apple:cups:1.2.8:::::::*
cpe:2.3:a:apple:cups:1.2.9:::::::*
cpe:2.3:a:apple:cups:1.2.10:::::::*
cpe:2.3:a:apple:cups:1.2.11:::::::*
cpe:2.3:a:apple:cups:1.2.12:::::::*
cpe:2.3:a:apple:cups:1.3:b1::::::
cpe:2.3:a:apple:cups:1.3:rc1::::::
cpe:2.3:a:apple:cups:1.3:rc2::::::
cpe:2.3:a:apple:cups:1.3.0:::::::*
cpe:2.3:a:apple:cups:1.3.1:::::::*
cpe:2.3:a:apple:cups:1.3.2:::::::*
cpe:2.3:a:apple:cups:1.3.3:::::::*
cpe:2.3:a:apple:cups:1.3.4:::::::*
cpe:2.3:a:apple:cups:1.3.5:::::::*
cpe:2.3:a:apple:cups:1.3.6:::::::*
cpe:2.3:a:apple:cups::::::::		1.3.7