CVE-2014-3537

critical

Description

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

References

https://support.apple.com/kb/HT6535

https://bugzilla.redhat.com/show_bug.cgi?id=1115576

http://www.ubuntu.com/usn/USN-2293-1

http://www.securitytracker.com/id/1030611

http://www.securityfocus.com/bid/68788

http://www.mandriva.com/security/advisories?name=MDVSA-2015:108

http://www.cups.org/str.php?L4450

http://www.cups.org/blog.php?L724

http://secunia.com/advisories/60787

http://secunia.com/advisories/60273

http://secunia.com/advisories/59945

http://rhn.redhat.com/errata/RHSA-2014-1388.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html

http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

http://advisories.mageia.org/MGASA-2014-0313.html

Details

Source: Mitre, NVD

Published: 2014-07-23

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00053

Detections

Analytics