CUPS Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running CUPS and is prone to Information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to obtain sensitive information from cupsd process memory via a crafted request. Impact Level: Application

Solution

Upgrade to CUPS version 1.4.4 or later, For updates refer to http://www.cups.org/software.php

Insight

This flaw is due to an error in 'cgi_initialize_string' function in 'cgi-bin/var.c' which mishandles input parameters containing the '%' character.

Affected

CUPS version 1.4.3 and prior.

References

http://cups.org/articles.php?L596
http://cups.org/str.php?L3577
http://secunia.com/advisories/40220

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1748
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Check for IIS .cnf file leakage
Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
Lil' HTTP Server Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities