This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote printer service is affected by a cross-site scripting
According to its banner, the version of CUPS installed on the remote
host is earlier than 1.4.2. The 'kerberos' parameter in such versions
is not properly sanitized before being used to generate dynamic HTML
An attacker can leverage this issue via a combination of attribute
injection and HTTP Parameter Pollution to inject arbitrary script code
into a user's browser to be executed within the security context of
the affected site.
See also :
Upgrade to CUPS version 1.4.2 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Nessus Plugin ID: 42468 (cups_1_4_2.nasl)
Bugtraq ID: 36958
CVE ID: CVE-2009-2820
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.