CVE-2008-5184 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-5184 Interim 1 12 2023-12-09T02:07:24Z current 2021-05-30T12:44:37Z 2023-12-09T02:07:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-5184 The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BLYDQ2NBC4T3JBPATZ23TNPG4S2NAS4M/#BLYDQ2NBC4T3JBPATZ23TNPG4S2NAS4M E-Mail link for SUSE-SR:2008:026 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 cups154 cups154-client cups154-filters cups154-libs cups154 as a component of SUSE Linux Enterprise Module for Legacy 12 cups154-client as a component of SUSE Linux Enterprise Module for Legacy 12 cups154-filters as a component of SUSE Linux Enterprise Module for Legacy 12 cups154-libs as a component of SUSE Linux Enterprise Module for Legacy 12 The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. CVE-2008-5184 SUSE Linux Enterprise Module for Legacy 12:cups154 SUSE Linux Enterprise Module for Legacy 12:cups154-client SUSE Linux Enterprise Module for Legacy 12:cups154-filters SUSE Linux Enterprise Module for Legacy 12:cups154-libs critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C