Vulnerability in Apple Cups
CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
EPSS: 0.016 (82.2th percentile) — read the EPSS interpretation.
Affected products
- Apple Cups — versions 1.7, 1.7.0, 1.7.1
- Canonical Ubuntu_linux — versions 10.04, 12.04, 14.04
- N/a — versions n/a
Weakness classification (CWE)
References
- security@debian.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- USN-2341-1 (x_refsource_UBUNTU, vendor-advisory)
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537 (mailing-list, x_refsource_MLIST)
- RHSA-2014:1388 (x_refsource_REDHAT, vendor-advisory)
- 60787 (x_refsource_SECUNIA, third-party-advisory)
- DSA-2990 (vendor-advisory, x_refsource_DEBIAN)
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537 (mailing-list, x_refsource_MLIST)
- security@debian.org (x_refsource_CONFIRM)
- 60509 (x_refsource_SECUNIA, third-party-advisory)
- MDVSA-2015:108 (vendor-advisory, x_refsource_MANDRIVA)