CUPS < 1.7.2 is_path_absolute Function XSS

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote print service is affected by a cross-site scripting

Description :

According to its banner, the version of CUPS installed on the remote
host is prior to version 1.7.2. It is, therefore, affected by a
cross-site scripting vulnerability.

A flaw exists in the is_path_absolute function within the
scheduler/client.c script. This could allow a context-dependent
attacker, with a specially crafted request, to execute arbitrary
script code within the trust relationship between the browser and
the server.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

Solution :

Upgrade to CUPS version 1.7.2 or later, or apply the vendor patch.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 73734

Bugtraq ID: 66788

CVE ID: CVE-2014-2856
