CVE-2010-1748

The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*

Information

Published : 2010-06-17 09:30

Updated : 2017-09-18 18:30


NVD link : CVE-2010-1748

Mitre link : CVE-2010-1748


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

apple

  • mac_os_x
  • mac_os_x_server
  • cups