USN-856-1 -- cups, cupsys vulnerabilityID: oval:org.secpod.oval:def:700314 | Date: (C)2011-05-13 (M)2024-01-02 |
Class: PATCH | Family: unix |
Aaron Sigel discovered that the CUPS web interface incorrectly protected against cross-site scripting and cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.
Platform: |
Ubuntu 8.04 |
Ubuntu 8.10 |
Ubuntu 9.10 |
Ubuntu 6.06 |
Ubuntu 9.04 |