CUPS < 1.4.2 kerberos Parameter XSS

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote printer service is affected by a cross-site scripting

Description :

According to its banner, the version of CUPS installed on the remote
host is earlier than 1.4.2. The 'kerberos' parameter in such versions
is not properly sanitized before being used to generate dynamic HTML

An attacker can leverage this issue via a combination of attribute
injection and HTTP Parameter Pollution to inject arbitrary script code
into a user's browser to be executed within the security context of
the affected site.

See also :

Solution :

Upgrade to CUPS version 1.4.2 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 42468 (cups_1_4_2.nasl)

Bugtraq ID: 36958

CVE ID: CVE-2009-2820

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now