Launchpad CVE tracker

CVE 2009-0164

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

Related bugs and status

CVE-2009-0164 (Candidate) is related to these bugs:

Bug #357732: cups always prints with the default page size

		In	Importance	Status
357732	cups always prints with the default page size	cups (Ubuntu)	High	Fix Released
357732	cups always prints with the default page size	ghostscript (Ubuntu)	Undecided	Invalid
357732	cups always prints with the default page size	GS-GPL	High	Invalid
357732	cups always prints with the default page size	cups (Ubuntu Jaunty)	High	Fix Released
357732	cups always prints with the default page size	ghostscript (Ubuntu Jaunty)	Undecided	Invalid
357732	cups always prints with the default page size	cups (Ubuntu Intrepid)	Undecided	Invalid
357732	cups always prints with the default page size	ghostscript (Ubuntu Intrepid)	Undecided	Invalid

Bug #1086303: Cups server can't listen - accept connections to 127.0.1.1 ( Bad request )

Summary				In	Importance	Status
	1086303	Cups server can't listen - accept connections to 127.0.1.1 ( Bad request )		cups (Ubuntu)	Undecided	Incomplete

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-0164

References