var-201404-0441
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. CUPS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. CUPS 1.6.4 is vulnerable; other versions may also be affected. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2014:1388-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1388.html Issue date: 2014-10-14 CVE Names: CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 =====================================================================

  1. Summary:

Updated cups packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. (CVE-2014-2856)

It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)

The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat Product Security.

These updated cups packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes.

All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

978387 - Bad IPP responses with version 2.0 (collection handling bug) 1012482 - /etc/cron.daily/cups breaks rule GEN003080 in Red Hat security guide 1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release 1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation 1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537 1128764 - CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack 1128767 - CVE-2014-5031 cups: world-readable permissions

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: cups-1.4.2-67.el6.src.rpm

i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm

x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm

x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: cups-1.4.2-67.el6.src.rpm

x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: cups-1.4.2-67.el6.src.rpm

i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm

ppc64: cups-1.4.2-67.el6.ppc64.rpm cups-debuginfo-1.4.2-67.el6.ppc.rpm cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-devel-1.4.2-67.el6.ppc.rpm cups-devel-1.4.2-67.el6.ppc64.rpm cups-libs-1.4.2-67.el6.ppc.rpm cups-libs-1.4.2-67.el6.ppc64.rpm cups-lpd-1.4.2-67.el6.ppc64.rpm

s390x: cups-1.4.2-67.el6.s390x.rpm cups-debuginfo-1.4.2-67.el6.s390.rpm cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-devel-1.4.2-67.el6.s390.rpm cups-devel-1.4.2-67.el6.s390x.rpm cups-libs-1.4.2-67.el6.s390.rpm cups-libs-1.4.2-67.el6.s390x.rpm cups-lpd-1.4.2-67.el6.s390x.rpm

x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm

ppc64: cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-php-1.4.2-67.el6.ppc64.rpm

s390x: cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-php-1.4.2-67.el6.s390x.rpm

x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: cups-1.4.2-67.el6.src.rpm

i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm

x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm

x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2014-2856.html https://www.redhat.com/security/data/cve/CVE-2014-3537.html https://www.redhat.com/security/data/cve/CVE-2014-5029.html https://www.redhat.com/security/data/cve/CVE-2014-5030.html https://www.redhat.com/security/data/cve/CVE-2014-5031.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFUPKsIXlSAg2UNWIIRApSvAJ9WxP5yQ+v5GDRGnSINYq0Pro0AoQCfXZqW WjIIQcBG+Sou8Is2vIFlLok= =5S/K -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files.

A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679).


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679 http://advisories.mageia.org/MGASA-2014-0193.html http://advisories.mageia.org/MGASA-2014-0313.html http://advisories.mageia.org/MGASA-2015-0067.html


Updated Packages:

Mandriva Business Server 2/X86_64: 0d1f31885b6c118b63449f2fdd821666 mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm b5337600a386f902763653796a2cefdf mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm 7b1513d85b5f22cd90bed23a35e44f51 mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm c25fa9b9bba101274984fa2b7a62f7a3 mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm df24a6b84fdafffaadf961ab4aa3640b mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm 5c172624c992de8ebb2bf8a2b232ee3a mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVF6q1mqjQ0CJFipgRAuxXAKDq8A/WlNzp54yRN7xnKy8ZBaRZQwCfSAh0 n7hHPzmYVzh2wFP6PffIl0E= =ykhv -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2172-1 April 24, 2014

cups vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

CUPS could be made to expose sensitive information over the network. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10: cups 1.7.0~rc1-0ubuntu5.3

Ubuntu 12.10: cups 1.6.1-0ubuntu11.6

Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu8.2

Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.11

In general, a standard system update will make all the necessary changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0441",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "1.6.4"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.7.0"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.6.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.6.2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.7"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.7.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.6"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.6.3"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.0"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.10-1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.21"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.10"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.20"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.4"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.22"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.9"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.15"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.5-1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.6-3"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.5-2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.11"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.8"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.6"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.5"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.18"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.7"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.9"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.3"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.8"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.10"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.6"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.0"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.6-1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.16"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.0"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.17"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.10"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.9"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.6"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.5.0"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.5.2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.23"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.5.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.14"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.8"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.7"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.3"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.8"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.12"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.4"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.7"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.5"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.5"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.5.4"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.5"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.5"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.7"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.19"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.6-2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.4"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.9-1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.12"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.11"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.11"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.13"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.5.3"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.6"
      },
      {
        "model": "cups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.7.1"
      },
      {
        "model": "cups",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2.4.6.0"
      },
      {
        "model": "cups",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.7.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "66788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2856"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4:b2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.6:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.6:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.7:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4:b3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.5:b2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.5:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.7.1:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2856"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alex Korobkin",
    "sources": [
      {
        "db": "BID",
        "id": "66788"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2856",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-2856",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-70795",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2856",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-376",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70795",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2856"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. CUPS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nCUPS 1.6.4 is vulnerable; other versions may also be affected. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: cups security and bug fix update\nAdvisory ID:       RHSA-2014:1388-02\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1388.html\nIssue date:        2014-10-14\nCVE Names:         CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 \n                   CVE-2014-5030 CVE-2014-5031 \n=====================================================================\n\n1. Summary:\n\nUpdated cups packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems. \nAn attacker could use this flaw to perform a cross-site scripting attack\nagainst users of the CUPS web interface. (CVE-2014-2856)\n\nIt was discovered that CUPS allowed certain users to create symbolic links\nin certain directories under /var/cache/cups/. A local user with the \u0027lp\u0027\ngroup privileges could use this flaw to read the contents of arbitrary\nfiles on the system or, potentially, escalate their privileges on the\nsystem. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)\n\nThe CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat\nProduct Security. \n\nThese updated cups packages also include several bug fixes. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the\nReferences section, for information on the most significant of these\nchanges. \n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n978387 - Bad IPP responses with version 2.0 (collection handling bug)\n1012482 - /etc/cron.daily/cups breaks rule GEN003080 in Red Hat security guide\n1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release\n1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation\n1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537\n1128764 - CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack\n1128767 - CVE-2014-5031 cups: world-readable permissions\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\ncups-1.4.2-67.el6.src.rpm\n\ni386:\ncups-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-lpd-1.4.2-67.el6.i686.rpm\n\nx86_64:\ncups-1.4.2-67.el6.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.x86_64.rpm\ncups-lpd-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-php-1.4.2-67.el6.i686.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.x86_64.rpm\ncups-php-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\ncups-1.4.2-67.el6.src.rpm\n\nx86_64:\ncups-1.4.2-67.el6.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.x86_64.rpm\ncups-lpd-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.x86_64.rpm\ncups-php-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\ncups-1.4.2-67.el6.src.rpm\n\ni386:\ncups-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-lpd-1.4.2-67.el6.i686.rpm\n\nppc64:\ncups-1.4.2-67.el6.ppc64.rpm\ncups-debuginfo-1.4.2-67.el6.ppc.rpm\ncups-debuginfo-1.4.2-67.el6.ppc64.rpm\ncups-devel-1.4.2-67.el6.ppc.rpm\ncups-devel-1.4.2-67.el6.ppc64.rpm\ncups-libs-1.4.2-67.el6.ppc.rpm\ncups-libs-1.4.2-67.el6.ppc64.rpm\ncups-lpd-1.4.2-67.el6.ppc64.rpm\n\ns390x:\ncups-1.4.2-67.el6.s390x.rpm\ncups-debuginfo-1.4.2-67.el6.s390.rpm\ncups-debuginfo-1.4.2-67.el6.s390x.rpm\ncups-devel-1.4.2-67.el6.s390.rpm\ncups-devel-1.4.2-67.el6.s390x.rpm\ncups-libs-1.4.2-67.el6.s390.rpm\ncups-libs-1.4.2-67.el6.s390x.rpm\ncups-lpd-1.4.2-67.el6.s390x.rpm\n\nx86_64:\ncups-1.4.2-67.el6.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.x86_64.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.x86_64.rpm\ncups-lpd-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-php-1.4.2-67.el6.i686.rpm\n\nppc64:\ncups-debuginfo-1.4.2-67.el6.ppc64.rpm\ncups-php-1.4.2-67.el6.ppc64.rpm\n\ns390x:\ncups-debuginfo-1.4.2-67.el6.s390x.rpm\ncups-php-1.4.2-67.el6.s390x.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-php-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\ncups-1.4.2-67.el6.src.rpm\n\ni386:\ncups-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-lpd-1.4.2-67.el6.i686.rpm\n\nx86_64:\ncups-1.4.2-67.el6.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.x86_64.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.x86_64.rpm\ncups-lpd-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-php-1.4.2-67.el6.i686.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-php-1.4.2-67.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-2856.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3537.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-5029.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-5030.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-5031.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUPKsIXlSAg2UNWIIRApSvAJ9WxP5yQ+v5GDRGnSINYq0Pro0AoQCfXZqW\nWjIIQcBG+Sou8Is2vIFlLok=\n=5S/K\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n It was discovered that the web interface in CUPS incorrectly\n validated permissions on rss files and directory index files. \n \n A malformed file with an invalid page header and compressed raster data\n can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679\n http://advisories.mageia.org/MGASA-2014-0193.html\n http://advisories.mageia.org/MGASA-2014-0313.html\n http://advisories.mageia.org/MGASA-2015-0067.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 0d1f31885b6c118b63449f2fdd821666  mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm\n b5337600a386f902763653796a2cefdf  mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm\n 7b1513d85b5f22cd90bed23a35e44f51  mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm\n c25fa9b9bba101274984fa2b7a62f7a3  mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm\n df24a6b84fdafffaadf961ab4aa3640b  mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm \n 5c172624c992de8ebb2bf8a2b232ee3a  mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVF6q1mqjQ0CJFipgRAuxXAKDq8A/WlNzp54yRN7xnKy8ZBaRZQwCfSAh0\nn7hHPzmYVzh2wFP6PffIl0E=\n=ykhv\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2172-1\nApril 24, 2014\n\ncups vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nCUPS could be made to expose sensitive information over the network. If an authenticated user were\ntricked into visiting a malicious website while logged into CUPS, a remote\nattacker could modify the CUPS configuration and possibly steal\nconfidential data. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  cups                            1.7.0~rc1-0ubuntu5.3\n\nUbuntu 12.10:\n  cups                            1.6.1-0ubuntu11.6\n\nUbuntu 12.04 LTS:\n  cups                            1.5.3-0ubuntu8.2\n\nUbuntu 10.04 LTS:\n  cups                            1.4.3-1ubuntu1.11\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2856"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "db": "BID",
        "id": "66788"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70795"
      },
      {
        "db": "PACKETSTORM",
        "id": "126666"
      },
      {
        "db": "PACKETSTORM",
        "id": "128661"
      },
      {
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "db": "PACKETSTORM",
        "id": "126294"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-70795",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70795"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2856",
        "trust": 3.3
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/04/15/3",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2014/04/14/2",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "57880",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "66788",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376",
        "trust": 0.7
      },
      {
        "db": "MLIST",
        "id": "[OSS-SECURITY] 20140415 RE: CVE REQUEST: CROSS-SITE SCRIPTING ISSUE FIXED IN CUPS 1.7.2",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[OSS-SECURITY] 20140414 CVE REQUEST: CROSS-SITE SCRIPTING ISSUE FIXED IN CUPS 1.7.2",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "128661",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "126294",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "131116",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "126666",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-70795",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126691",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70795"
      },
      {
        "db": "BID",
        "id": "66788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "db": "PACKETSTORM",
        "id": "126666"
      },
      {
        "db": "PACKETSTORM",
        "id": "128661"
      },
      {
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "db": "PACKETSTORM",
        "id": "126294"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2856"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ]
  },
  "id": "VAR-201404-0441",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70795"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:03:11.201000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "STR #4356 XSS in CUPS 1.6.4 web interface",
        "trust": 0.8,
        "url": "http://www.cups.org/str.php?l4356"
      },
      {
        "title": "Release Notes",
        "trust": 0.8,
        "url": "http://www.cups.org/documentation.php/relnotes.html"
      },
      {
        "title": "RHSA-2014:1388",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-1388.html"
      },
      {
        "title": "CVE-2014-2856 Cross-site scripting (XSS) vulnerability in CUPS",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_2856_cross_site"
      },
      {
        "title": "cups-1.7.2-source",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49422"
      },
      {
        "title": "cups-1.7.2-source",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49421"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2856"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0193.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.cups.org/documentation.php/relnotes.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.cups.org/str.php?l4356"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2014/04/14/2"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2014/04/15/3"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/57880"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1388.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2172-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/66788"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:108"
      },
      {
        "trust": 1.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2856"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2856"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2856"
      },
      {
        "trust": 0.3,
        "url": "http://www.cups.org/"
      },
      {
        "trust": 0.3,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_2856_cross_site"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5029"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3537"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5030"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5031"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.6_technical_notes/cups.html#rhsa-2014-1388"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-2856.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-5029.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-5031.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-5030.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2014-3537.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5031"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9679"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3537"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5029"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5030"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2015-0067.html"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0313.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9679"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6891"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6891"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70795"
      },
      {
        "db": "BID",
        "id": "66788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "db": "PACKETSTORM",
        "id": "126666"
      },
      {
        "db": "PACKETSTORM",
        "id": "128661"
      },
      {
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "db": "PACKETSTORM",
        "id": "126294"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2856"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-70795"
      },
      {
        "db": "BID",
        "id": "66788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "db": "PACKETSTORM",
        "id": "126666"
      },
      {
        "db": "PACKETSTORM",
        "id": "128661"
      },
      {
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "db": "PACKETSTORM",
        "id": "126294"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2856"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70795"
      },
      {
        "date": "2014-01-30T00:00:00",
        "db": "BID",
        "id": "66788"
      },
      {
        "date": "2014-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "date": "2014-05-19T03:14:21",
        "db": "PACKETSTORM",
        "id": "126666"
      },
      {
        "date": "2014-10-14T23:04:56",
        "db": "PACKETSTORM",
        "id": "128661"
      },
      {
        "date": "2015-03-30T21:33:02",
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "date": "2014-04-24T22:17:43",
        "db": "PACKETSTORM",
        "id": "126294"
      },
      {
        "date": "2014-05-19T03:19:36",
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "date": "2014-04-18T14:55:26.040000",
        "db": "NVD",
        "id": "CVE-2014-2856"
      },
      {
        "date": "2014-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70795"
      },
      {
        "date": "2015-04-13T21:37:00",
        "db": "BID",
        "id": "66788"
      },
      {
        "date": "2015-06-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      },
      {
        "date": "2017-12-16T02:29:06.777000",
        "db": "NVD",
        "id": "CVE-2014-2856"
      },
      {
        "date": "2014-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "126666"
      },
      {
        "db": "PACKETSTORM",
        "id": "126294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Common Unix Printing System of  scheduler/client.c Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002191"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "126294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-376"
      }
    ],
    "trust": 0.7
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.