PT-2009-5180 · Apple+1 · Cups+1
Aaron Sigel · Published 2009-11-10 · Updated 2024-06-15 · CVE-2009-2820
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: CUPS versions prior to 1.4.2
Description: The CUPS web interface does not properly sanitize HTTP header values and HTML template substitutions. This allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks. The attacks can be conducted via various vectors, including the product's web interface, the configuration of the print system, and the titles of print jobs. One example is an XSS attack via the kerberos parameter of the admin program, which combines attribute injection with HTTP Parameter Pollution (HPP).
Recommendations: For CUPS versions prior to 1.4.2, update to version 1.4.2 or later to resolve the issue.

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2009-2820
DSA-1933-1
OPENSUSE-SU-2024:10075-1
RHSA-2009:1595
RHSA-2009_1595

Affected Products

Cups
Red Hat