CUPS Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running CUPS and is prone to Information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to obtain sensitive information from cupsd process memory via a crafted request. Impact Level: Application

Solution

Upgrade to CUPS version 1.4.4 or later, For updates refer to http://www.cups.org/software.php

Insight

This flaw is due to an error in 'cgi_initialize_string' function in 'cgi-bin/var.c' which mishandles input parameters containing the '%' character.

Affected

CUPS version 1.4.3 and prior.

References

http://cups.org/articles.php?L596
http://cups.org/str.php?L3577
http://secunia.com/advisories/40220

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1748
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

CUPS Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
Apache Tomcat Multiple Vulnerabilities January 2010
CERN HTTPD access control bypass
Check for IIS .cnf file leakage

Take action and discover your vulnerabilities