Summary
The host is running CUPS and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to obtain sensitive information from cupsd process memory via a crafted request.
Impact Level: Application
Solution
Upgrade to CUPS version 1.4.4 or later.
For updates, refer to http://www.cups.org/software.php
Insight
This flaw is due to an error in the 'cgi_initialize_string' function in 'cgi-bin/var.c', which mishandles input parameters containing the '%' character.
Affected
CUPS version 1.4.3 and prior.
References
Severity
Classification
- CVE: CVE-2010-1748
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N