CVE-2014-2856

Impact:
Moderate
Public Date:
2014-01-30
CWE:
CWE-79
Bugzilla:
1087122: CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release
A cross-site scripting (XSS) flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface.

Find out more about CVE-2014-2856 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (cups) RHBA-2015:0386 2015-03-05
Red Hat Enterprise Linux 6 (cups) RHSA-2014:1388 2014-10-13

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 cups Will not fix

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.