CUPS Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running CUPS and is prone to Information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to obtain sensitive information from cupsd process memory via a crafted request. Impact Level: Application

Solution

Upgrade to CUPS version 1.4.4 or later, For updates refer to http://www.cups.org/software.php

Insight

This flaw is due to an error in 'cgi_initialize_string' function in 'cgi-bin/var.c' which mishandles input parameters containing the '%' character.

Affected

CUPS version 1.4.3 and prior.

References

http://cups.org/articles.php?L596
http://cups.org/str.php?L3577
http://secunia.com/advisories/40220

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1748

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

JBoss Enterprise Application Platform Multiple Vulnerabilities
Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
bozotic HTTP server Denial of Service Vulnerability

Take action and discover your vulnerabilities