[cups-devel] [UNKN] STR #4492: web user interface -- potentially vulnerable to Clickjacking
Andrej Antonov
noreply at cups.org
Thu Oct 2 08:07:54 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
good day!
this problem:
web user interface -- potentially vulnerable to Clickjacking (
http://i1.minus.com/ibce5VW8VV5oX0.png )
(I used CUPS version 1.7.5)
it will be very very nice, if in HTTP-Headers (on all web-pages of web-ui
http://127.0.0.1:631/ ) will be added next two lines:
X-Frame-Options: DENY
Content-Security-Policy: frame-options 'deny'
thanks in advance!
P.S.: sorry for my bad english
Link: https://www.cups.org/str.php?L4492
Version: -feature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJULWpKAAoJENujp6sI12IjHugP/jX7GV/pNmAj0sE5dcaAXEUa
zc1w7mpBAbDUEZgxHDSoml4sRD1Ivmf+w/CcEwzNdIyqLnPUb7MkmuUugnMhOJ36
5l/ZlPGZXmQZxnSGVJ6VP0nio9dGXJsBlzU2m14Pi75zzNlxhY/UdfCjTNtnjk04
klMiO2VT/qvt2mFzMEW9XmKDGZuIBoJNPIitxUh4De/AonM/SPd36kSqHLSC8oYn
7gyBhHjk3WYMNZYdcfsCpw0deWNgmVR4VLWwZzMq2BR9rjtY38XxCgJF0aYX4cAa
mqjDX7RJdIELIls5yT5ZUYPflQLC1d6ZjmeVhRdAgKThLG/n7xrihBQjzQdmAyPF
GKSzbdcE0TppsQiQNxvWmdfpcP/dGSWt9Cqg0VrYwXW6jX9kibB6lpGiFbAdIgvf
6H58Lrtvzhf04CrhshRrL8qPd270Pc/IsF6WTMMzeYcJvXGtDVDW4bZXDtn6pqoH
jH59jRz3ls0zPZ/9OedhqXlyKgGjOZFLCMzm7mrlMN/UC6SYmoWUInYCdW406tAf
cFMUnCNLF+7j70AQqFPSqnG81yEVl3DevDHGJxLJn1mK4oFi8cQTG0bKSy8c1Jrq
P09aXLxb9D3dcn5CGKnvY7mkdg5poqyZuDgnxk6fG15yz5xeFdHRSJHHshy0a/GH
eCgUJ1lR1pMVbZVAqQPn
=0cAG
-----END PGP SIGNATURE-----
More information about the cups-devel
mailing list