CVE-2004-2154 - Vulnerability Details - OpenCVE

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Cups
Canonical	Ubuntu Linux
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:apple:cups::::::::
	cpe:2.3:a:apple:cups:1.1.21:-::::::

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
cups-1:1.1.17-13.3.29	cpe:/o:redhat:enterprise_linux:3	RHSA-2005:571	2005-07-14T00:00:00Z

References

Link	Providers
http://www.cups.org/str.php?L700
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.redhat.com/support/errata/RHSA-2005-571.html
http://www.ubuntu.com/usn/usn-185-1
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274
https://nvd.nist.gov/vuln/detail/CVE-2004-2154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940
https://www.cve.org/CVERecord?id=CVE-2004-2154

History

Thu, 08 Aug 2024 02:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:apple:cups:-:::::::*
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2005-07-05T04:00:00

Updated: 2024-08-08T01:15:01.684Z

Reserved: 2005-07-05T00:00:00

Link: CVE-2004-2154

Vulnrichment

Updated: 2024-08-08T01:15:01.684Z

NVD

Status : Deferred

Published: 2004-12-31T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-2154

Redhat

Severity : Moderate

Publid Date: 2004-05-05T00:00:00Z

Links: CVE-2004-2154 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SR:2005:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cups.org/str.php?L700"}, {"name": "RHSA-2005:571", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-571.html"}, {"name": "FLSA:163274", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274"}, {"name": "USN-185-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-185-1"}, {"name": "oval:org.mitre.oval:def:9940", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-178", "lang": "en", "description": "CWE-178 Improper Handling of Case Sensitivity"}]}], "affected": [{"vendor": "apple", "product": "cups", "cpes": ["cpe:2.3:a:apple:cups:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.1.21", "versionType": "custom"}]}, {"vendor": "canonical", "product": "ubuntu_linux", "cpes": ["cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.10", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T14:59:33.852643Z", "id": "CVE-2004-2154", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T15:10:00.201Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:15:01.684Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SR:2005:018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cups.org/str.php?L700"}, {"name": "RHSA-2005:571", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-571.html"}, {"name": "FLSA:163274", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274"}, {"name": "USN-185-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-185-1"}, {"name": "oval:org.mitre.oval:def:9940", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2004-2154", "datePublished": "2005-07-05T04:00:00", "dateReserved": "2005-07-05T00:00:00", "dateUpdated": "2024-08-08T01:15:01.684Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html", "name": "SUSE-SR:2005:018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.cups.org/str.php?L700", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-571.html", "name": "RHSA-2005:571", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274", "name": "FLSA:163274", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/usn-185-1", "name": "USN-185-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940", "name": "oval:org.mitre.oval:def:9940", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:15:01.684Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2004-2154", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-16T14:59:33.852643Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apple:cups:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "cups", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.21", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*"], "vendor": "canonical", "product": "ubuntu_linux", "versions": [{"status": "affected", "version": "4.10"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-178", "description": "CWE-178 Improper Handling of Case Sensitivity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T15:00:32.347Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-05-13T00:00:00", "references": [{"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html", "name": "SUSE-SR:2005:018", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.cups.org/str.php?L700", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-571.html", "name": "RHSA-2005:571", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274", "name": "FLSA:163274", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "http://www.ubuntu.com/usn/usn-185-1", "name": "USN-185-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940", "name": "oval:org.mitre.oval:def:9940", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"]}, {"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2017-10-10T00:57:01"}}}, "cveMetadata": {"cveId": "CVE-2004-2154", "state": "PUBLISHED", "dateUpdated": "2024-08-08T01:15:01.684Z", "dateReserved": "2005-07-05T00:00:00", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2005-07-05T04:00:00", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F835149-D8DC-4086-8A1A-6DA6F0B1641F", "versionEndExcluding": "1.1.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:cups:1.1.21:-:*:*:*:*:*:*", "matchCriteriaId": "1AE87AA4-1F4C-46CC-8365-6390B5E9C2D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "778A6957-455B-420A-BAAF-E7F88FF4FB1E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive."}], "id": "CVE-2004-2154", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link", "Patch"], "url": "http://www.cups.org/str.php?L700"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2005-571.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-185-1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Patch"], "url": "http://www.cups.org/str.php?L700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2005-571.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-185-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-178"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-178"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}