PT-2004-3049 · Apple+1 · Cups+1

Published 2004-12-31 · Updated 2024-08-01 · CVE-2004-2154

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CUPS versions prior to 1.1.21rc1

Description

The issue allows attackers to bypass intended Access Control Lists (ACLs) due to the case-sensitive treatment of a Location directive in cupsd.conf. This can be exploited via a printer name containing uppercase or lowercase letters that differ from what is specified in the directive.

Recommendations

For versions prior to 1.1.21rc1, update to version 1.1.21rc1 or later to resolve the issue. As a temporary workaround, consider ensuring that all printer names and Location directives in cupsd.conf are specified with consistent case to minimize the risk of exploitation.
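The consistent-case workaround can be checked mechanically. The following is an added example, not code from CUPS or from this advisory: it assumes the usual layout of `<Location /printers/name>` blocks in cupsd.conf and `<Printer name>` / `<DefaultPrinter name>` entries in printers.conf, the function names are hypothetical, and both sample files are constructed.

```python
import re

# Constructed sample files for illustration, not taken from a real system.
SAMPLE_CUPSD_CONF = """\
<Location />
  Order Deny,Allow
  Allow From All
</Location>
<Location /printers/finance>
  Order Deny,Allow
  Deny From All
  Allow From 192.0.2.0/24
</Location>
<Location /printers/Lobby>
  Order Deny,Allow
  Deny From All
</Location>
"""
SAMPLE_PRINTERS_CONF = """\
<DefaultPrinter Finance>
DeviceURI socket://192.0.2.10:9100
</Printer>
<Printer Lobby>
DeviceURI socket://192.0.2.11:9100
</Printer>
<Printer warehouse>
DeviceURI socket://192.0.2.12:9100
</Printer>
"""

LOCATION_RE = re.compile(r"^\s*<Location\s+(\S+?)\s*>", re.I | re.M)
PRINTER_RE = re.compile(r"^\s*<(?:Default)?Printer\s+(\S+?)\s*>", re.I | re.M)

def location_paths(cupsd_conf):
    """Return the path of every <Location ...> block, exactly as written."""
    return LOCATION_RE.findall(cupsd_conf)

def printer_names(printers_conf):
    """Return every printer name, exactly as written (closing tags are skipped)."""
    return PRINTER_RE.findall(printers_conf)

def audit(cupsd_conf, printers_conf):
    """Return (location, printer) pairs that match only when case is ignored."""
    locations = location_paths(cupsd_conf)
    return [(loc, name)
            for name in printer_names(printers_conf)
            for loc in locations
            if loc.lower() == f"/printers/{name}".lower()
            and loc != f"/printers/{name}"]
```

Each pair returned is a printer-specific Location whose spelling differs from the printer name only by case, which is the inconsistency the workaround asks to eliminate.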

Fix


Weakness Enumeration

Related Identifiers

CVE-2004-2154
RHSA-2005:571
RHSA-2005_571

Affected Products

Cups
Red Hat