Vulnerability details: VCID-tn5h-wd6f-aaag
Vulnerability ID VCID-tn5h-wd6f-aaag
Aliases CVE-2010-0540
Summary Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2010:0490
epss 0.00335 https://api.first.org/data/v1/epss?cve=CVE-2010-0540
epss 0.00339 https://api.first.org/data/v1/epss?cve=CVE-2010-0540
epss 0.00401 https://api.first.org/data/v1/epss?cve=CVE-2010-0540
epss 0.00888 https://api.first.org/data/v1/epss?cve=CVE-2010-0540
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=588805
cvssv2 6.0 https://nvd.nist.gov/vuln/detail/CVE-2010-0540
Reference id Reference type URL
http://cups.org/articles.php?L596
http://cups.org/str.php?L3498
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0540.json
https://api.first.org/data/v1/epss?cve=CVE-2010-0540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540
http://secunia.com/advisories/40220
http://secunia.com/advisories/43521
http://security.gentoo.org/glsa/glsa-201207-10.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382
http://support.apple.com/kb/HT4188
http://www.debian.org/security/2011/dsa-2176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
http://www.securityfocus.com/bid/40871
http://www.securitytracker.com/id?1024122
http://www.vupen.com/english/advisories/2010/1481
http://www.vupen.com/english/advisories/2011/0535
588805 https://bugzilla.redhat.com/show_bug.cgi?id=588805
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
CVE-2010-0540 https://nvd.nist.gov/vuln/detail/CVE-2010-0540
GLSA-201207-10 https://security.gentoo.org/glsa/201207-10
RHSA-2010:0490 https://access.redhat.com/errata/RHSA-2010:0490
USN-952-1 https://usn.ubuntu.com/952-1/
No exploits are available.
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-0540
Exploit Prediction Scoring System (EPSS)
Percentile 0.71755
EPSS Score 0.00335
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.