>> CUPS Connection Handling Incomplete SSL Negotiation Denial of Service Vulnerability
Title : CUPS Connection Handling Incomplete SSL Negotiation Denial of Service Vulnerability VUPEN ID : VUPEN/ADV-2007-0949 CVE ID : CVE-2007-0720
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-03-15
Technical Description
A vulnerability has been identified in CUPS, which could be exploited by attackers to cause a denial of service. This issue is due to a design error where the application does not use separate workers for connections during SSL negotiation, which could be exploited by attackers to prevent other requests from being accepted until the active connection is closed, creating a denial of service condition.
