Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Mac_os_x | Apple | 10.5.8 (including) | 10.5.8 (including) |
Mac_os_x | Apple | 10.6.0 (including) | 10.6.0 (including) |
Mac_os_x | Apple | 10.6.1 (including) | 10.6.1 (including) |
Mac_os_x | Apple | 10.6.2 (including) | 10.6.2 (including) |
Mac_os_x | Apple | 10.6.3 (including) | 10.6.3 (including) |
Mac_os_x_server | Apple | 10.5.8 (including) | 10.5.8 (including) |
Mac_os_x_server | Apple | 10.6.0 (including) | 10.6.0 (including) |
Mac_os_x_server | Apple | 10.6.1 (including) | 10.6.1 (including) |
Mac_os_x_server | Apple | 10.6.2 (including) | 10.6.2 (including) |
Mac_os_x_server | Apple | 10.6.3 (including) | 10.6.3 (including) |
Cups | Ubuntu | jaunty | * |
Cups | Ubuntu | karmic | * |
Cups | Ubuntu | lucid | * |
Cups | Ubuntu | upstream | * |
Cupsys | Ubuntu | dapper | * |
Cupsys | Ubuntu | hardy | * |
Cupsys | Ubuntu | upstream | * |
Red Hat Enterprise Linux 3 | RedHat | cups-1:1.1.17-13.3.65 | * |
Red Hat Enterprise Linux 4 | RedHat | cups-1:1.1.22-0.rc1.9.32.el4_8.6 | * |
Red Hat Enterprise Linux 5 | RedHat | cups-1:1.3.7-18.el5_5.4 | * |