Vulnerability details: VCID-rpu2-z2n7-aaac
Vulnerability ID VCID-rpu2-z2n7-aaac
Aliases CVE-2010-1748
Summary The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2010:0490
epss 0.01264 https://api.first.org/data/v1/epss?cve=CVE-2010-1748
epss 0.01271 https://api.first.org/data/v1/epss?cve=CVE-2010-1748
epss 0.13402 https://api.first.org/data/v1/epss?cve=CVE-2010-1748
epss 0.25852 https://api.first.org/data/v1/epss?cve=CVE-2010-1748
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=591983
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2010-1748
Data source Exploit-DB
Date added June 15, 2010
Description CUPS 1.4.2 - Web Interface Information Disclosure
Ransomware campaign use Known
Source publication date June 15, 2010
Exploit type remote
Platform linux
Source update date July 23, 2014
Source URL https://www.securityfocus.com/bid/40897/info
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-1748
Exploit Prediction Scoring System (EPSS)
Percentile 0.86031
EPSS Score 0.01264
Published At Nov. 1, 2024, midnight