Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-yfjg-mawt-hkcy
Summary The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
Aliases
0
alias CVE-2009-2820
Fixed_packages
0
url pkg:deb/debian/cups@1.4.2-1?distro=trixie
purl pkg:deb/debian/cups@1.4.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@1.4.2-1%3Fdistro=trixie
1
url pkg:deb/debian/cups@1.4.4-7%2Bsqueeze5
purl pkg:deb/debian/cups@1.4.4-7%2Bsqueeze5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2pns-khqf-m3g3
1
vulnerability VCID-2w75-h65s-nkbc
2
vulnerability VCID-3na7-ak18-sufk
3
vulnerability VCID-3z26-qnhg-d3ex
4
vulnerability VCID-65vx-vzek-jfb5
5
vulnerability VCID-6fks-3fbm-fkaz
6
vulnerability VCID-6waw-tzdb-6fe6
7
vulnerability VCID-6zuq-hcpp-xkhz
8
vulnerability VCID-78sk-g5em-xkge
9
vulnerability VCID-7b52-a33c-7fb3
10
vulnerability VCID-89yf-5kdc-x3g1
11
vulnerability VCID-8d67-sdc6-huh8
12
vulnerability VCID-8wxp-wnz9-8kep
13
vulnerability VCID-92c6-q1su-3bgm
14
vulnerability VCID-ad9y-4z3d-gqff
15
vulnerability VCID-azay-6yce-7bf8
16
vulnerability VCID-c66p-r26a-w3b8
17
vulnerability VCID-cf1k-425s-ukgm
18
vulnerability VCID-ch13-7sdk-1ye8
19
vulnerability VCID-cqee-j8e7-dqfr
20
vulnerability VCID-d44d-x1bc-jfac
21
vulnerability VCID-dhrf-zkxe-y3e9
22
vulnerability VCID-dyt5-ajvs-vqej
23
vulnerability VCID-ggxp-3bj1-tkbk
24
vulnerability VCID-grgq-97yz-rbes
25
vulnerability VCID-hpx5-xb2x-tbg1
26
vulnerability VCID-jrqa-uy18-87ed
27
vulnerability VCID-k3ya-xc55-sbgy
28
vulnerability VCID-kf14-26wr-6fab
29
vulnerability VCID-p75b-3wga-6ybw
30
vulnerability VCID-qmja-ss59-27h9
31
vulnerability VCID-qq1w-9m75-6uc7
32
vulnerability VCID-s98d-7ca8-7ka5
33
vulnerability VCID-sn67-jhjs-a3dv
34
vulnerability VCID-sy19-kx8y-37fv
35
vulnerability VCID-tu2d-2abd-47b4
36
vulnerability VCID-ujcs-9wz2-3bg8
37
vulnerability VCID-vudj-r1dv-9kh8
38
vulnerability VCID-w73k-hnmr-tug5
39
vulnerability VCID-zn5k-hjzj-v3b6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@1.4.4-7%252Bsqueeze5
2
url pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6cr7-fjxw-qbfz
1
vulnerability VCID-7qsd-uzcr-akfe
2
vulnerability VCID-9xa5-8s7g-pyfd
3
vulnerability VCID-c17v-rwj6-efey
4
vulnerability VCID-cnq9-g9af-sqgu
5
vulnerability VCID-ffxc-3xm1-kugg
6
vulnerability VCID-q5ny-vpyh-nyeq
7
vulnerability VCID-qav5-teu6-v3a5
8
vulnerability VCID-qcjb-spgs-rbdy
9
vulnerability VCID-wymn-vbbd-bygb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8%3Fdistro=trixie
3
url pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie
purl pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6cr7-fjxw-qbfz
1
vulnerability VCID-7qsd-uzcr-akfe
2
vulnerability VCID-9xa5-8s7g-pyfd
3
vulnerability VCID-c17v-rwj6-efey
4
vulnerability VCID-cnq9-g9af-sqgu
5
vulnerability VCID-ffxc-3xm1-kugg
6
vulnerability VCID-q5ny-vpyh-nyeq
7
vulnerability VCID-qav5-teu6-v3a5
8
vulnerability VCID-qcjb-spgs-rbdy
9
vulnerability VCID-wymn-vbbd-bygb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9%3Fdistro=trixie
4
url pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6cr7-fjxw-qbfz
1
vulnerability VCID-7qsd-uzcr-akfe
2
vulnerability VCID-9xa5-8s7g-pyfd
3
vulnerability VCID-c17v-rwj6-efey
4
vulnerability VCID-cnq9-g9af-sqgu
5
vulnerability VCID-ffxc-3xm1-kugg
6
vulnerability VCID-q5ny-vpyh-nyeq
7
vulnerability VCID-qav5-teu6-v3a5
8
vulnerability VCID-qcjb-spgs-rbdy
9
vulnerability VCID-wymn-vbbd-bygb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2%3Fdistro=trixie
5
url pkg:deb/debian/cups@2.4.18-1?distro=trixie
purl pkg:deb/debian/cups@2.4.18-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/cups@1.3.8-1%2Blenny10
purl pkg:deb/debian/cups@1.3.8-1%2Blenny10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2pns-khqf-m3g3
1
vulnerability VCID-2w75-h65s-nkbc
2
vulnerability VCID-3na7-ak18-sufk
3
vulnerability VCID-3z26-qnhg-d3ex
4
vulnerability VCID-65vx-vzek-jfb5
5
vulnerability VCID-6fks-3fbm-fkaz
6
vulnerability VCID-6waw-tzdb-6fe6
7
vulnerability VCID-6zuq-hcpp-xkhz
8
vulnerability VCID-73cz-jrz1-53ar
9
vulnerability VCID-78sk-g5em-xkge
10
vulnerability VCID-7b52-a33c-7fb3
11
vulnerability VCID-89yf-5kdc-x3g1
12
vulnerability VCID-8d67-sdc6-huh8
13
vulnerability VCID-8wxp-wnz9-8kep
14
vulnerability VCID-92c6-q1su-3bgm
15
vulnerability VCID-ad9y-4z3d-gqff
16
vulnerability VCID-aun7-d9wm-m3bf
17
vulnerability VCID-azay-6yce-7bf8
18
vulnerability VCID-b8zh-s3ez-zqdg
19
vulnerability VCID-bh3k-c3kh-3faa
20
vulnerability VCID-c66p-r26a-w3b8
21
vulnerability VCID-cf1k-425s-ukgm
22
vulnerability VCID-ch13-7sdk-1ye8
23
vulnerability VCID-cqee-j8e7-dqfr
24
vulnerability VCID-d44d-x1bc-jfac
25
vulnerability VCID-dhrf-zkxe-y3e9
26
vulnerability VCID-dyt5-ajvs-vqej
27
vulnerability VCID-f73f-ydyk-6yac
28
vulnerability VCID-fjrd-me3a-xbfn
29
vulnerability VCID-ggxp-3bj1-tkbk
30
vulnerability VCID-grgq-97yz-rbes
31
vulnerability VCID-h49d-ngp8-x7b2
32
vulnerability VCID-hfj6-t5x9-5yc5
33
vulnerability VCID-hpx5-xb2x-tbg1
34
vulnerability VCID-je74-qrqt-t3aq
35
vulnerability VCID-jrqa-uy18-87ed
36
vulnerability VCID-jt75-9nqm-qudj
37
vulnerability VCID-k3ya-xc55-sbgy
38
vulnerability VCID-kf14-26wr-6fab
39
vulnerability VCID-n51a-m6uc-gfak
40
vulnerability VCID-p75b-3wga-6ybw
41
vulnerability VCID-pj56-r1jz-13e3
42
vulnerability VCID-qmja-ss59-27h9
43
vulnerability VCID-qq1w-9m75-6uc7
44
vulnerability VCID-qsr2-8xaa-93fz
45
vulnerability VCID-s98d-7ca8-7ka5
46
vulnerability VCID-sn67-jhjs-a3dv
47
vulnerability VCID-sy19-kx8y-37fv
48
vulnerability VCID-tu2d-2abd-47b4
49
vulnerability VCID-ujcs-9wz2-3bg8
50
vulnerability VCID-vudj-r1dv-9kh8
51
vulnerability VCID-w73k-hnmr-tug5
52
vulnerability VCID-xya1-5tft-3qha
53
vulnerability VCID-yfjg-mawt-hkcy
54
vulnerability VCID-zn5k-hjzj-v3b6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@1.3.8-1%252Blenny10
1
url pkg:rpm/redhat/cups@1:1.3.7-11.el5_4?arch=4
purl pkg:rpm/redhat/cups@1:1.3.7-11.el5_4?arch=4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-je74-qrqt-t3aq
1
vulnerability VCID-yfjg-mawt-hkcy
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups@1:1.3.7-11.el5_4%3Farch=4
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2820.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2820.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2820
reference_id
reference_type
scores
0
value 0.01995
scoring_system epss
scoring_elements 0.84012
published_at 2026-06-11T12:55:00Z
1
value 0.01995
scoring_system epss
scoring_elements 0.84069
published_at 2026-06-12T12:55:00Z
2
value 0.01995
scoring_system epss
scoring_elements 0.84076
published_at 2026-06-13T12:55:00Z
3
value 0.01995
scoring_system epss
scoring_elements 0.84072
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2820
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=529833
reference_id 529833
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=529833
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555666
reference_id 555666
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555666
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10001.txt
reference_id CVE-2009-2820;OSVDB-59854
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10001.txt
6
reference_url https://www.securityfocus.com/bid/36958/info
reference_id CVE-2009-2820;OSVDB-59854
reference_type exploit
scores
url https://www.securityfocus.com/bid/36958/info
7
reference_url https://access.redhat.com/errata/RHSA-2009:1595
reference_id RHSA-2009:1595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1595
8
reference_url https://usn.ubuntu.com/856-1/
reference_id USN-856-1
reference_type
scores
url https://usn.ubuntu.com/856-1/
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploits
0
date_added 2009-11-10
description CUPS - 'kerberos' Cross-Site Scripting
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2009-11-11
exploit_type remote
platform multiple
source_date_updated null
data_source Exploit-DB
source_url https://www.securityfocus.com/bid/36958/info
Severity_range_score null
Exploitability 2.0
Weighted_severity 0.0
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfjg-mawt-hkcy