Required CVE Record Information
Description
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
References 15 Total
- lists.apple.com: APPLE-SA-2010-06-15-1 vendor-advisory
- mandriva.com: MDVSA-2010:234 vendor-advisory
- vupen.com: ADV-2010-1481 vdb-entry
- http://cups.org/articles.php?L596
- securityfocus.com: 40871 vdb-entry
- mandriva.com: MDVSA-2010:232 vendor-advisory
- lists.opensuse.org: SUSE-SR:2010:023 vendor-advisory
- debian.org: DSA-2176 vendor-advisory
- http://support.apple.com/kb/HT4188
- security.gentoo.org: GLSA-201207-10 vendor-advisory
- vupen.com: ADV-2011-0535 vdb-entry
- secunia.com: 40220 third-party-advisory
- http://cups.org/str.php?L3577
- oval.cisecurity.org: oval:org.mitre.oval:def:9723 vdb-entry signature
- secunia.com: 43521 third-party-advisory