Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/201499?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201499?format=api", "vulnerability_id": "VCID-yfjg-mawt-hkcy", "summary": "The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.", "aliases": [ { "alias": "CVE-2009-2820" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35992?format=api", "purl": "pkg:deb/debian/cups@1.4.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@1.4.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1072660?format=api", "purl": "pkg:deb/debian/cups@1.4.4-7%2Bsqueeze5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pns-khqf-m3g3" }, { "vulnerability": "VCID-2w75-h65s-nkbc" }, { "vulnerability": "VCID-3na7-ak18-sufk" }, { "vulnerability": "VCID-3z26-qnhg-d3ex" }, { "vulnerability": "VCID-65vx-vzek-jfb5" }, { "vulnerability": "VCID-6fks-3fbm-fkaz" }, { "vulnerability": "VCID-6waw-tzdb-6fe6" }, { "vulnerability": "VCID-6zuq-hcpp-xkhz" }, { "vulnerability": "VCID-78sk-g5em-xkge" }, { "vulnerability": "VCID-7b52-a33c-7fb3" }, { "vulnerability": "VCID-89yf-5kdc-x3g1" }, { "vulnerability": "VCID-8d67-sdc6-huh8" }, { "vulnerability": "VCID-8wxp-wnz9-8kep" }, { "vulnerability": "VCID-92c6-q1su-3bgm" }, { "vulnerability": "VCID-ad9y-4z3d-gqff" }, { "vulnerability": "VCID-azay-6yce-7bf8" }, { "vulnerability": 
"VCID-c66p-r26a-w3b8" }, { "vulnerability": "VCID-cf1k-425s-ukgm" }, { "vulnerability": "VCID-ch13-7sdk-1ye8" }, { "vulnerability": "VCID-cqee-j8e7-dqfr" }, { "vulnerability": "VCID-d44d-x1bc-jfac" }, { "vulnerability": "VCID-dhrf-zkxe-y3e9" }, { "vulnerability": "VCID-dyt5-ajvs-vqej" }, { "vulnerability": "VCID-ggxp-3bj1-tkbk" }, { "vulnerability": "VCID-grgq-97yz-rbes" }, { "vulnerability": "VCID-hpx5-xb2x-tbg1" }, { "vulnerability": "VCID-jrqa-uy18-87ed" }, { "vulnerability": "VCID-k3ya-xc55-sbgy" }, { "vulnerability": "VCID-kf14-26wr-6fab" }, { "vulnerability": "VCID-p75b-3wga-6ybw" }, { "vulnerability": "VCID-qmja-ss59-27h9" }, { "vulnerability": "VCID-qq1w-9m75-6uc7" }, { "vulnerability": "VCID-s98d-7ca8-7ka5" }, { "vulnerability": "VCID-sn67-jhjs-a3dv" }, { "vulnerability": "VCID-sy19-kx8y-37fv" }, { "vulnerability": "VCID-tu2d-2abd-47b4" }, { "vulnerability": "VCID-ujcs-9wz2-3bg8" }, { "vulnerability": "VCID-vudj-r1dv-9kh8" }, { "vulnerability": "VCID-w73k-hnmr-tug5" }, { "vulnerability": "VCID-zn5k-hjzj-v3b6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@1.4.4-7%252Bsqueeze5" }, { "url": "http://public2.vulnerablecode.io/api/packages/35841?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6cr7-fjxw-qbfz" }, { "vulnerability": "VCID-7qsd-uzcr-akfe" }, { "vulnerability": "VCID-9xa5-8s7g-pyfd" }, { "vulnerability": "VCID-c17v-rwj6-efey" }, { "vulnerability": "VCID-cnq9-g9af-sqgu" }, { "vulnerability": "VCID-ffxc-3xm1-kugg" }, { "vulnerability": "VCID-q5ny-vpyh-nyeq" }, { "vulnerability": "VCID-qav5-teu6-v3a5" }, { "vulnerability": "VCID-qcjb-spgs-rbdy" }, { "vulnerability": "VCID-wymn-vbbd-bygb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/35838?format=api", "purl": 
"pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6cr7-fjxw-qbfz" }, { "vulnerability": "VCID-7qsd-uzcr-akfe" }, { "vulnerability": "VCID-9xa5-8s7g-pyfd" }, { "vulnerability": "VCID-c17v-rwj6-efey" }, { "vulnerability": "VCID-cnq9-g9af-sqgu" }, { "vulnerability": "VCID-ffxc-3xm1-kugg" }, { "vulnerability": "VCID-q5ny-vpyh-nyeq" }, { "vulnerability": "VCID-qav5-teu6-v3a5" }, { "vulnerability": "VCID-qcjb-spgs-rbdy" }, { "vulnerability": "VCID-wymn-vbbd-bygb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/35843?format=api", "purl": "pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6cr7-fjxw-qbfz" }, { "vulnerability": "VCID-7qsd-uzcr-akfe" }, { "vulnerability": "VCID-9xa5-8s7g-pyfd" }, { "vulnerability": "VCID-c17v-rwj6-efey" }, { "vulnerability": "VCID-cnq9-g9af-sqgu" }, { "vulnerability": "VCID-ffxc-3xm1-kugg" }, { "vulnerability": "VCID-q5ny-vpyh-nyeq" }, { "vulnerability": "VCID-qav5-teu6-v3a5" }, { "vulnerability": "VCID-qcjb-spgs-rbdy" }, { "vulnerability": "VCID-wymn-vbbd-bygb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/35842?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072659?format=api", "purl": "pkg:deb/debian/cups@1.3.8-1%2Blenny10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pns-khqf-m3g3" }, { "vulnerability": 
"VCID-2w75-h65s-nkbc" }, { "vulnerability": "VCID-3na7-ak18-sufk" }, { "vulnerability": "VCID-3z26-qnhg-d3ex" }, { "vulnerability": "VCID-65vx-vzek-jfb5" }, { "vulnerability": "VCID-6fks-3fbm-fkaz" }, { "vulnerability": "VCID-6waw-tzdb-6fe6" }, { "vulnerability": "VCID-6zuq-hcpp-xkhz" }, { "vulnerability": "VCID-73cz-jrz1-53ar" }, { "vulnerability": "VCID-78sk-g5em-xkge" }, { "vulnerability": "VCID-7b52-a33c-7fb3" }, { "vulnerability": "VCID-89yf-5kdc-x3g1" }, { "vulnerability": "VCID-8d67-sdc6-huh8" }, { "vulnerability": "VCID-8wxp-wnz9-8kep" }, { "vulnerability": "VCID-92c6-q1su-3bgm" }, { "vulnerability": "VCID-ad9y-4z3d-gqff" }, { "vulnerability": "VCID-aun7-d9wm-m3bf" }, { "vulnerability": "VCID-azay-6yce-7bf8" }, { "vulnerability": "VCID-b8zh-s3ez-zqdg" }, { "vulnerability": "VCID-bh3k-c3kh-3faa" }, { "vulnerability": "VCID-c66p-r26a-w3b8" }, { "vulnerability": "VCID-cf1k-425s-ukgm" }, { "vulnerability": "VCID-ch13-7sdk-1ye8" }, { "vulnerability": "VCID-cqee-j8e7-dqfr" }, { "vulnerability": "VCID-d44d-x1bc-jfac" }, { "vulnerability": "VCID-dhrf-zkxe-y3e9" }, { "vulnerability": "VCID-dyt5-ajvs-vqej" }, { "vulnerability": "VCID-f73f-ydyk-6yac" }, { "vulnerability": "VCID-fjrd-me3a-xbfn" }, { "vulnerability": "VCID-ggxp-3bj1-tkbk" }, { "vulnerability": "VCID-grgq-97yz-rbes" }, { "vulnerability": "VCID-h49d-ngp8-x7b2" }, { "vulnerability": "VCID-hfj6-t5x9-5yc5" }, { "vulnerability": "VCID-hpx5-xb2x-tbg1" }, { "vulnerability": "VCID-je74-qrqt-t3aq" }, { "vulnerability": "VCID-jrqa-uy18-87ed" }, { "vulnerability": "VCID-jt75-9nqm-qudj" }, { "vulnerability": "VCID-k3ya-xc55-sbgy" }, { "vulnerability": "VCID-kf14-26wr-6fab" }, { "vulnerability": "VCID-n51a-m6uc-gfak" }, { "vulnerability": "VCID-p75b-3wga-6ybw" }, { "vulnerability": "VCID-pj56-r1jz-13e3" }, { "vulnerability": "VCID-qmja-ss59-27h9" }, { "vulnerability": "VCID-qq1w-9m75-6uc7" }, { "vulnerability": "VCID-qsr2-8xaa-93fz" }, { "vulnerability": "VCID-s98d-7ca8-7ka5" }, { "vulnerability": 
"VCID-sn67-jhjs-a3dv" }, { "vulnerability": "VCID-sy19-kx8y-37fv" }, { "vulnerability": "VCID-tu2d-2abd-47b4" }, { "vulnerability": "VCID-ujcs-9wz2-3bg8" }, { "vulnerability": "VCID-vudj-r1dv-9kh8" }, { "vulnerability": "VCID-w73k-hnmr-tug5" }, { "vulnerability": "VCID-xya1-5tft-3qha" }, { "vulnerability": "VCID-yfjg-mawt-hkcy" }, { "vulnerability": "VCID-zn5k-hjzj-v3b6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@1.3.8-1%252Blenny10" }, { "url": "http://public2.vulnerablecode.io/api/packages/368955?format=api", "purl": "pkg:rpm/redhat/cups@1:1.3.7-11.el5_4?arch=4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-je74-qrqt-t3aq" }, { "vulnerability": "VCID-yfjg-mawt-hkcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups@1:1.3.7-11.el5_4%3Farch=4" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2820.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2820.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2820", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01995", "scoring_system": "epss", "scoring_elements": "0.84012", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01995", "scoring_system": "epss", "scoring_elements": "0.84069", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01995", "scoring_system": "epss", "scoring_elements": "0.84076", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01995", "scoring_system": "epss", "scoring_elements": "0.84072", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2820" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=529833", "reference_id": "529833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529833" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555666", "reference_id": "555666", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555666" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10001.txt", "reference_id": "CVE-2009-2820;OSVDB-59854", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10001.txt" }, { "reference_url": "https://www.securityfocus.com/bid/36958/info", "reference_id": "CVE-2009-2820;OSVDB-59854", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/36958/info" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1595", "reference_id": "RHSA-2009:1595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1595" }, { "reference_url": "https://usn.ubuntu.com/856-1/", "reference_id": "USN-856-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/856-1/" } ], "weaknesses": [ { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." 
} ], "exploits": [ { "date_added": "2009-11-10", "description": "CUPS - 'kerberos' Cross-Site Scripting", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2009-11-11", "exploit_type": "remote", "platform": "multiple", "source_date_updated": null, "data_source": "Exploit-DB", "source_url": "https://www.securityfocus.com/bid/36958/info" } ], "severity_range_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfjg-mawt-hkcy" }