Vulnerability Name:

CVE-2003-0195 (CCN-12080)

Assigned:2003-05-27
Published:2003-05-27
Updated:2017-10-11
Summary:CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2003-0195

Source: CONECTIVA
Type: UNKNOWN
CLSA-2003:678

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:702
cups

Source: BUGTRAQ
Type: UNKNOWN
20030529 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)

Source: CCN
Type: RHSA-2003-171
Updated CUPS packages fix denial of service attack

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-317

Source: DEBIAN
Type: DSA-317
cupsys -- denial of service

Source: CCN
Type: Gentoo Linux Security Announcement 200306-09
cups

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:062

Source: SUSE
Type: UNKNOWN
SuSE-SA:2003:028

Source: CCN
Type: OSVDB ID: 4780
CUPS Partial IPP Request DoS

Source: REDHAT
Type: Exploit, Patch, Vendor Advisory
RHSA-2003:171

Source: BID
Type: UNKNOWN
7637

Source: CCN
Type: BID-7637
CUPS Cupsd Request Method Denial Of Service Vulnerability

Source: CCN
Type: slackware-security Mailing List, Thu May 29 00:52:54 PDT 2003
[slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)

Source: CCN
Type: TLSA-2003-33
cupsd denial of service attack

Source: TURBO
Type: UNKNOWN
TLSA-2003-33

Source: XF
Type: UNKNOWN
cups-ipp-partial-dos(12080)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6

Source: SUSE
Type: SUSE-SA:2003:028
cups: remote Denial of Service

Vulnerable Configuration:Configuration 1:
  • cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:easy_software_products:cups:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20030195
    V
    		CVE-2003-0195
    2015-11-16
    oval:org.mitre.oval:def:6
    V
    		Common Unix Printing System Partial Print DOS
    2010-09-20
    oval:org.debian:def:317
    V
    		denial of service
    2003-06-11
    BACK
    slackware slackware linux 8.1
    slackware slackware linux 9.0
    easy_software_products cups *
    debian debian linux 2.2
    redhat linux 7
    conectiva linux 6.0
    redhat linux 7.1
    suse suse linux 7.2
    redhat linux 7.2
    suse suse linux 7.3
    mandrakesoft mandrake linux 8.2
    suse suse linux 8.0
    conectiva linux 8.0
    redhat linux 7.3
    debian debian linux 3.0
    slackware slackware linux 8.1
    gentoo linux *
    redhat linux 8.0
    mandrakesoft mandrake linux 9.0
    suse suse linux 8.1
    suse linux enterprise server 8
    mandrakesoft mandrake multi network firewall 8.2
    slackware slackware linux current
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat linux 9.0
    slackware slackware linux 9.0
    suse suse linux 8.2
    conectiva linux 9.0
    mandrakesoft mandrake linux 8.2
    mandrakesoft mandrake linux 9.1