CVE-2008-5184

Impact:
Moderate
Public Date:
2008-03-27
Bugzilla:
473915: CVE-2008-5184 cups: improper use of the 'guest' username in the web UI, when user not logged on to the server

The MITRE CVE dictionary describes this issue as:

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

Find out more about CVE-2008-5184 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5. Versions shipped do not support RSS subscriptions.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.