CVE Vulnerabilities

CVE-2004-2154

Published: Dec 31, 2004 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

Affected Software

Name Vendor Start Version End Version
Cups Easy_software_products 1.0.4 1.0.4
Cups Easy_software_products 1.0.4_8 1.0.4_8
Cups Easy_software_products 1.1.1 1.1.1
Cups Easy_software_products 1.1.4 1.1.4
Cups Easy_software_products 1.1.4_2 1.1.4_2
Cups Easy_software_products 1.1.4_3 1.1.4_3
Cups Easy_software_products 1.1.4_5 1.1.4_5
Cups Easy_software_products 1.1.6 1.1.6
Cups Easy_software_products 1.1.7 1.1.7
Cups Easy_software_products 1.1.10 1.1.10
Cups Easy_software_products 1.1.12 1.1.12
Cups Easy_software_products 1.1.13 1.1.13
Cups Easy_software_products 1.1.14 1.1.14
Cups Easy_software_products 1.1.15 1.1.15
Cups Easy_software_products 1.1.16 1.1.16
Cups Easy_software_products 1.1.17 1.1.17
Cups Easy_software_products 1.1.18 1.1.18
Cups Easy_software_products 1.1.19 1.1.19
Cups Easy_software_products 1.1.19_rc5 1.1.19_rc5
Cups Easy_software_products 1.1.20 1.1.20
Red Hat Enterprise Linux 3 RedHat cups-1:1.1.17-13.3.29 *

References