CVE-2008-5184

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2008-5184

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2008-5184.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2008-5184

Downstream

DEBIAN-CVE-2008-5184

Published

2008-11-21T02:30:00Z

Modified

2025-08-09T20:01:25Z

Summary

[none]

Details

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

References

http://www.mandriva.com/security/advisories?name=MDVSA-2009:028
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://www.cups.org/str.php?L2774
http://www.openwall.com/lists/oss-security/2008/11/19/3

CVE-2008-5184

Affected packages