CUPS project Security,
Has anyone reported the below issue and provided a solution to resolve. I did the internet research and I can’t find anything, you guys are my last hope.
I am NOT a programmer. The best I can do is upgrade CUPS to the latest version.
Thanks for your help!
This issue was highlighted by our network vulnerability scanner. Problem Management(PM) ticket PM60976.
“Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.”
The method I used to test this was telnet. This is the response I get from running the telnet command.
HTTP/1.0 200 OK
Date: Wed, 06 Mar 2019 14:22:42 GMT
Server: CUPS/1.6 IPP/2.1
Content-Language: en_US
Allow: GET, HEAD, OPTIONS, POST, PUT
Content-Length: 0
I found many solutions to disable “OPTIONS” for Apache, Apache Tomcat & IIS but nothing for CUPS.
I reviewed the cupsd.conf and didn’t see any options.
Jim
CUPS project Security,
Has anyone reported the below issue and provided a solution to resolve. I did the internet research and I can’t find anything, you guys are my last hope.
I am NOT a programmer. The best I can do is upgrade CUPS to the latest version.
Thanks for your help!
This issue was highlighted by our network vulnerability scanner. Problem Management(PM) ticket PM60976.
“Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.”
The method I used to test this was telnet. This is the response I get from running the telnet command.
HTTP/1.0 200 OK
Date: Wed, 06 Mar 2019 14:22:42 GMT
Server: CUPS/1.6 IPP/2.1
Content-Language: en_US
Allow: GET, HEAD, OPTIONS, POST, PUT
Content-Length: 0
I found many solutions to disable “OPTIONS” for Apache, Apache Tomcat & IIS but nothing for CUPS.
I reviewed the cupsd.conf and didn’t see any options.
Jim