Lucene search

[email protected]NVD:CVE-2010-1748

HistoryJun 17, 2010 - 4:30 p.m.

CVE-2010-1748

2010-06-1716:30:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.013

Percentile

85.7%

JSON

The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.

Affected configurations

Nvd

Node

applecupsRange≤1.4.3

applecupsMatch1.1

applecupsMatch1.1.1

applecupsMatch1.1.2

applecupsMatch1.1.3

applecupsMatch1.1.4

applecupsMatch1.1.5

applecupsMatch1.1.5-1

applecupsMatch1.1.5-2

applecupsMatch1.1.6

applecupsMatch1.1.6-1

applecupsMatch1.1.6-2

applecupsMatch1.1.6-3

applecupsMatch1.1.7

applecupsMatch1.1.8

applecupsMatch1.1.9

applecupsMatch1.1.9-1

applecupsMatch1.1.10

applecupsMatch1.1.10-1

applecupsMatch1.1.11

applecupsMatch1.1.12

applecupsMatch1.1.13

applecupsMatch1.1.14

applecupsMatch1.1.15

applecupsMatch1.1.16

applecupsMatch1.1.17

applecupsMatch1.1.18

applecupsMatch1.1.19

applecupsMatch1.1.19rc1

applecupsMatch1.1.19rc2

applecupsMatch1.1.19rc3

applecupsMatch1.1.19rc4

applecupsMatch1.1.19rc5

applecupsMatch1.1.20

applecupsMatch1.1.20rc1

applecupsMatch1.1.20rc2

applecupsMatch1.1.20rc3

applecupsMatch1.1.20rc4

applecupsMatch1.1.20rc5

applecupsMatch1.1.20rc6

applecupsMatch1.1.21

applecupsMatch1.1.21rc1

applecupsMatch1.1.21rc2

applecupsMatch1.1.22

applecupsMatch1.1.22rc1

applecupsMatch1.1.22rc2

applecupsMatch1.1.23

applecupsMatch1.1.23rc1

applecupsMatch1.2b1

applecupsMatch1.2b2

applecupsMatch1.2rc1

applecupsMatch1.2rc2

applecupsMatch1.2rc3

applecupsMatch1.2.0

applecupsMatch1.2.1

applecupsMatch1.2.2

applecupsMatch1.2.3

applecupsMatch1.2.4

applecupsMatch1.2.5

applecupsMatch1.2.6

applecupsMatch1.2.7

applecupsMatch1.2.8

applecupsMatch1.2.9

applecupsMatch1.2.10

applecupsMatch1.2.11

applecupsMatch1.2.12

applecupsMatch1.3b1

applecupsMatch1.3rc1

applecupsMatch1.3rc2

applecupsMatch1.3.0

applecupsMatch1.3.1

applecupsMatch1.3.2

applecupsMatch1.3.3

applecupsMatch1.3.4

applecupsMatch1.3.5

applecupsMatch1.3.6

applecupsMatch1.3.7

applecupsMatch1.3.8

applecupsMatch1.3.9

applecupsMatch1.3.10

applecupsMatch1.3.11

applecupsMatch1.4.0

applecupsMatch1.4.1

applecupsMatch1.4.2

AND

applemac_os_xMatch10.5.8

applemac_os_xMatch10.6.0

applemac_os_xMatch10.6.1

applemac_os_xMatch10.6.2

applemac_os_xMatch10.6.3

applemac_os_x_serverMatch10.5.8

applemac_os_x_serverMatch10.6.0

applemac_os_x_serverMatch10.6.1

applemac_os_x_serverMatch10.6.2

applemac_os_x_serverMatch10.6.3

VendorProductVersionCPE
applecups*cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
applecups1.1cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
applecups1.1.1cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
applecups1.1.2cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
applecups1.1.3cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
applecups1.1.4cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
applecups1.1.5cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
applecups1.1.5-1cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
applecups1.1.5-2cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
applecups1.1.6cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	cups	*	cpe:2.3:a:apple:cups::::::::
apple	cups	1.1	cpe:2.3:a:apple:cups:1.1:::::::*
apple	cups	1.1.1	cpe:2.3:a:apple:cups:1.1.1:::::::*
apple	cups	1.1.2	cpe:2.3:a:apple:cups:1.1.2:::::::*
apple	cups	1.1.3	cpe:2.3:a:apple:cups:1.1.3:::::::*
apple	cups	1.1.4	cpe:2.3:a:apple:cups:1.1.4:::::::*
apple	cups	1.1.5	cpe:2.3:a:apple:cups:1.1.5:::::::*
apple	cups	1.1.5-1	cpe:2.3:a:apple:cups:1.1.5-1:::::::*
apple	cups	1.1.5-2	cpe:2.3:a:apple:cups:1.1.5-2:::::::*
apple	cups	1.1.6	cpe:2.3:a:apple:cups:1.1.6:::::::*