CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-1748

The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.134

EPSS Ranking 93.8%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2010-1748

Apple » Cups » Version: N/A

cpe:2.3:a:apple:cups:-
Apple » Cups » Version: 1.1

cpe:2.3:a:apple:cups:1.1
Apple » Cups » Version: 1.1.1

cpe:2.3:a:apple:cups:1.1.1
Apple » Cups » Version: 1.1.10

cpe:2.3:a:apple:cups:1.1.10
Apple » Cups » Version: 1.1.10-1

cpe:2.3:a:apple:cups:1.1.10-1
Apple » Cups » Version: 1.1.11

cpe:2.3:a:apple:cups:1.1.11
Apple » Cups » Version: 1.1.12

cpe:2.3:a:apple:cups:1.1.12
Apple » Cups » Version: 1.1.13

cpe:2.3:a:apple:cups:1.1.13
Apple » Cups » Version: 1.1.14

cpe:2.3:a:apple:cups:1.1.14
Apple » Cups » Version: 1.1.15

cpe:2.3:a:apple:cups:1.1.15
Apple » Cups » Version: 1.1.16

cpe:2.3:a:apple:cups:1.1.16
Apple » Cups » Version: 1.1.17

cpe:2.3:a:apple:cups:1.1.17
Apple » Cups » Version: 1.1.18

cpe:2.3:a:apple:cups:1.1.18
Apple » Cups » Version: 1.1.19

cpe:2.3:a:apple:cups:1.1.19
Apple » Cups » Version: 1.1.2

cpe:2.3:a:apple:cups:1.1.2
Apple » Cups » Version: 1.1.20

cpe:2.3:a:apple:cups:1.1.20
Apple » Cups » Version: 1.1.21

cpe:2.3:a:apple:cups:1.1.21
Apple » Cups » Version: 1.1.22

cpe:2.3:a:apple:cups:1.1.22
Apple » Cups » Version: 1.1.23

cpe:2.3:a:apple:cups:1.1.23
Apple » Cups » Version: 1.1.3

cpe:2.3:a:apple:cups:1.1.3
Apple » Cups » Version: 1.1.4

cpe:2.3:a:apple:cups:1.1.4
Apple » Cups » Version: 1.1.5

cpe:2.3:a:apple:cups:1.1.5
Apple » Cups » Version: 1.1.5-1

cpe:2.3:a:apple:cups:1.1.5-1
Apple » Cups » Version: 1.1.5-2

cpe:2.3:a:apple:cups:1.1.5-2
Apple » Cups » Version: 1.1.6

cpe:2.3:a:apple:cups:1.1.6
Apple » Cups » Version: 1.1.6-1

cpe:2.3:a:apple:cups:1.1.6-1
Apple » Cups » Version: 1.1.6-2

cpe:2.3:a:apple:cups:1.1.6-2
Apple » Cups » Version: 1.1.6-3

cpe:2.3:a:apple:cups:1.1.6-3
Apple » Cups » Version: 1.1.7

cpe:2.3:a:apple:cups:1.1.7
Apple » Cups » Version: 1.1.8

cpe:2.3:a:apple:cups:1.1.8
Apple » Cups » Version: 1.1.9

cpe:2.3:a:apple:cups:1.1.9
Apple » Cups » Version: 1.1.9-1

cpe:2.3:a:apple:cups:1.1.9-1
Apple » Cups » Version: 1.2

cpe:2.3:a:apple:cups:1.2
Apple » Cups » Version: 1.2.0

cpe:2.3:a:apple:cups:1.2.0
Apple » Cups » Version: 1.2.1

cpe:2.3:a:apple:cups:1.2.1
Apple » Cups » Version: 1.2.10

cpe:2.3:a:apple:cups:1.2.10
Apple » Cups » Version: 1.2.11

cpe:2.3:a:apple:cups:1.2.11
Apple » Cups » Version: 1.2.12

cpe:2.3:a:apple:cups:1.2.12
Apple » Cups » Version: 1.2.2

cpe:2.3:a:apple:cups:1.2.2
Apple » Cups » Version: 1.2.3

cpe:2.3:a:apple:cups:1.2.3
Apple » Cups » Version: 1.2.4

cpe:2.3:a:apple:cups:1.2.4
Apple » Cups » Version: 1.2.5

cpe:2.3:a:apple:cups:1.2.5
Apple » Cups » Version: 1.2.6

cpe:2.3:a:apple:cups:1.2.6
Apple » Cups » Version: 1.2.7

cpe:2.3:a:apple:cups:1.2.7
Apple » Cups » Version: 1.2.8

cpe:2.3:a:apple:cups:1.2.8
Apple » Cups » Version: 1.2.9

cpe:2.3:a:apple:cups:1.2.9
Apple » Cups » Version: 1.3

cpe:2.3:a:apple:cups:1.3
Apple » Cups » Version: 1.3.0

cpe:2.3:a:apple:cups:1.3.0
Apple » Cups » Version: 1.3.1

cpe:2.3:a:apple:cups:1.3.1
Apple » Cups » Version: 1.3.10

cpe:2.3:a:apple:cups:1.3.10
Apple » Cups » Version: 1.3.11

cpe:2.3:a:apple:cups:1.3.11
Apple » Cups » Version: 1.3.2

cpe:2.3:a:apple:cups:1.3.2
Apple » Cups » Version: 1.3.3

cpe:2.3:a:apple:cups:1.3.3
Apple » Cups » Version: 1.3.4

cpe:2.3:a:apple:cups:1.3.4
Apple » Cups » Version: 1.3.5

cpe:2.3:a:apple:cups:1.3.5
Apple » Cups » Version: 1.3.6

cpe:2.3:a:apple:cups:1.3.6
Apple » Cups » Version: 1.3.7

cpe:2.3:a:apple:cups:1.3.7
Apple » Cups » Version: 1.3.8

cpe:2.3:a:apple:cups:1.3.8
Apple » Cups » Version: 1.3.9

cpe:2.3:a:apple:cups:1.3.9
Apple » Cups » Version: 1.4

cpe:2.3:a:apple:cups:1.4
Apple » Cups » Version: 1.4.0

cpe:2.3:a:apple:cups:1.4.0
Apple » Cups » Version: 1.4.1

cpe:2.3:a:apple:cups:1.4.1
Apple » Cups » Version: 1.4.2

cpe:2.3:a:apple:cups:1.4.2
Apple » Cups » Version: 1.4.3

cpe:2.3:a:apple:cups:1.4.3
Apple » Mac Os X » Version: 10.5.8

cpe:2.3:o:apple:mac_os_x:10.5.8
Apple » Mac Os X » Version: 10.6.0

cpe:2.3:o:apple:mac_os_x:10.6.0
Apple » Mac Os X » Version: 10.6.1

cpe:2.3:o:apple:mac_os_x:10.6.1
Apple » Mac Os X » Version: 10.6.2

cpe:2.3:o:apple:mac_os_x:10.6.2
Apple » Mac Os X » Version: 10.6.3

cpe:2.3:o:apple:mac_os_x:10.6.3
Apple » Mac Os X Server » Version: 10.5.8

cpe:2.3:o:apple:mac_os_x_server:10.5.8
Apple » Mac Os X Server » Version: 10.6.0

cpe:2.3:o:apple:mac_os_x_server:10.6.0
Apple » Mac Os X Server » Version: 10.6.1

cpe:2.3:o:apple:mac_os_x_server:10.6.1
Apple » Mac Os X Server » Version: 10.6.2

cpe:2.3:o:apple:mac_os_x_server:10.6.2
Apple » Mac Os X Server » Version: 10.6.3

cpe:2.3:o:apple:mac_os_x_server:10.6.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-1748

Products

Pricing

Contact Us