[cups-devel] [UNKN] STR #4492: web user interface -- potentially vulnerable to Clickjacking

Andrej Antonov noreply at cups.org
Thu Oct 2 08:07:54 PDT 2014


DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

Good day!

The problem:

The web user interface is potentially vulnerable to clickjacking (
http://i1.minus.com/ibce5VW8VV5oX0.png )

(I used CUPS version 1.7.5)

It would be very nice if the following two lines were added to the HTTP
headers (on all web pages of the web UI, http://127.0.0.1:631/ ):


X-Frame-Options: DENY
Content-Security-Policy: frame-options 'deny'


Thanks in advance!

P.S.: Sorry for my bad English.

Link: https://www.cups.org/str.php?L4492
Version: -feature
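
A check along the lines of this request, as an added example that is not part of the original post or of CUPS: it reads a response's headers and reports whether framing is restricted. The function names and the sample header sets are constructed for illustration; the check looks for `frame-ancestors`, the directive CSP Level 2 standardised for this purpose, so in the first sample only the `X-Frame-Options` line counts as a framing restriction.

```python
# Added example: classify a response's anti-framing headers.
VALID_XFO = {"DENY", "SAMEORIGIN"}  # values browsers still honour

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]  # first occurrence wins
    return None

def framing_policy(headers):
    """Summarise anti-framing protection from (name, value) response headers."""
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    lists = [frame_ancestors(v) for n, v in headers
             if n.lower() == "content-security-policy"]
    lists = [s for s in lists if s is not None]
    # Every X-Frame-Options value must be a recognised one to count.
    xfo_ok = bool(xfo) and all(v in VALID_XFO for v in xfo)
    # All CSP policies are enforced together, so one restrictive list is enough.
    # An empty source list behaves like 'none'; a bare * allows any origin.
    csp_ok = any("*" not in s for s in lists)
    return {"x_frame_options": xfo, "frame_ancestors": lists,
            "protected": xfo_ok or csp_ok}

# Constructed header sets (not captured from a real CUPS server).
AS_PROPOSED = [("X-Frame-Options", "DENY"),
               ("Content-Security-Policy", "frame-options 'deny'")]
NO_HEADERS = [("Content-Type", "text/html; charset=utf-8")]
CSP_ONLY = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")]
BAD_XFO = [("X-Frame-Options", "ALLOWALL")]

if __name__ == "__main__":
    for label, hdrs in [("as proposed", AS_PROPOSED), ("no headers", NO_HEADERS),
                        ("csp only", CSP_ONLY), ("bad xfo", BAD_XFO)]:
        print(label, framing_policy(hdrs))
```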