Ubuntu CVE | Ubuntu.com | UB:CVE-2010-1748
History: Jun 17, 2010 - 12:00 a.m.

CVE-2010-1748


CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.015 Low (Percentile: 86.6%)

The cgi_initialize_string function in cgi-bin/var.c in the web interface in
CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before
10.6.4, and other platforms, does not properly handle parameter values
containing a % (percent) character without two subsequent hex characters,
which allows context-dependent attackers to obtain sensitive information
from cupsd process memory via a crafted request, as demonstrated by the (1)
/admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
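
The check this description says was missing can be illustrated with a small decoder. This is an added example, not code from CUPS or from the advisory: the function name `url_decode_checked`, the '+' handling and the decision to reject `%00` are assumptions made for the illustration. A decoder that skips two characters after every '%' without inspecting them can step over the string's terminating NUL and keep reading adjacent memory; the version below rejects such input instead.

```c
#include <stddef.h>
#include <string.h>

/* Hex digit value, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode a URL-encoded form value from src into dst (capacity dstsize).
 * Returns the decoded length, or -1 if the input is malformed or too long.
 * A '%' must be followed by exactly two hex digits; because the NUL
 * terminator is not a hex digit, the checks below stop at the end of the
 * string and src is never advanced past it.
 */
long url_decode_checked(const char *src, char *dst, size_t dstsize)
{
    size_t out = 0;

    if (dstsize == 0) return -1;
    while (*src) {
        unsigned char ch = (unsigned char)*src;
        if (ch == '%') {
            int hi = hex_val((unsigned char)src[1]);
            /* Only look at src[2] once src[1] is known not to be NUL. */
            int lo = (hi < 0) ? -1 : hex_val((unsigned char)src[2]);
            if (lo < 0) return -1;          /* "%", "%4", "%zz": reject */
            ch = (unsigned char)((hi << 4) | lo);
            if (ch == 0) return -1;         /* assumption: refuse %00 */
            src += 3;
        } else {
            if (ch == '+') ch = ' ';        /* form encoding: '+' is space */
            src++;
        }
        if (out + 1 >= dstsize) return -1;  /* keep room for terminator */
        dst[out++] = (char)ch;
    }
    dst[out] = '\0';
    return (long)out;
}
```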

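| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 9.04 | noarch | cups | < 1.3.9-17ubuntu3.9 | UNKNOWN |
| ubuntu | 9.10 | noarch | cups | < 1.4.1-5ubuntu2.6 | UNKNOWN |
| ubuntu | 10.04 | noarch | cups | < 1.4.3-1ubuntu1.2 | UNKNOWN |
| ubuntu | 6.06 | noarch | cupsys | < 1.2.2-0ubuntu0.6.06.19 | UNKNOWN |
| ubuntu | 8.04 | noarch | cupsys | < 1.3.7-1ubuntu3.11 | UNKNOWN |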
