Vulnerability Description
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cups | Cups | <= 2.0.2 |
Related Weaknesses (CWE)
References
- http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-studyTechnical Description
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
- http://rhn.redhat.com/errata/RHSA-2015-1123.html
- http://www.cups.org/blog.php?L1082Vendor Advisory
- http://www.debian.org/security/2015/dsa-3283
- http://www.kb.cert.org/vuls/id/810572Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/75106Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032556
- http://www.ubuntu.com/usn/USN-2629-1
- https://bugzilla.opensuse.org/show_bug.cgi?id=924208Issue Tracking
- https://bugzilla.redhat.com/show_bug.cgi?id=1221642Issue Tracking
- https://code.google.com/p/google-security-research/issues/detail?id=455Exploit
FAQ
What is CVE-2015-1159?
CVE-2015-1159 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via t...
How severe is CVE-2015-1159?
CVE-2015-1159 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1159?
Check the references section above for vendor advisories and patch information. Affected products include: Cups Cups.