CUPS Memory Information Disclosure

Nessus Plugin ID 47716 (Medium)

Synopsis

The remote CUPS install contains a memory information disclosure vulnerability.

Description

The remote CUPS install contains a memory information disclosure vulnerability due to an error in 'cgi_initialize_string' in 'cgi-bin/var.c', which mishandles input parameters containing the '%' character.

Solution

Upgrade to CUPS 1.4.4 or greater.

See Also

https://github.com/apple/cups/issues/3577

Plugin Details

Severity: Medium

ID: 47716

File Name: cups_memory_access.nasl

Version: 1.9

Type: remote

Family: Web Servers

Published: 7/14/2010

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/15/2010

Vulnerability Publication Date: 6/15/2010

Reference Information

CVE: CVE-2010-1748

BID: 40897

Secunia: 40165