- Description: The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
- Source: security@debian.org
- NVD status: Modified
CVSS 2.0
- Type: Primary
- Base score: 1.5
- Impact score: 2.9
- Exploitability score: 2.7
- Vector string: AV:L/AC:M/Au:S/C:P/I:N/A:N
- nvd@nist.gov
- CWE-59
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:cups:1.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD7E522C-3BB8-4F43-AFD5-5AFBAED8D4C2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]