CVE-2009-0164

EPSS 4.2%

Published: 4/24/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-0164

Description

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

Affected packages (1)

Debian/cupsfrom 0, < 1.3.10-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0164