CVE-2010-0540

medium

Description

Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.

References

http://cups.org/articles.php?L596

http://cups.org/str.php?L3498

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

http://secunia.com/advisories/40220

http://secunia.com/advisories/43521

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://support.apple.com/kb/HT4188

http://www.debian.org/security/2011/dsa-2176

http://www.mandriva.com/security/advisories?name=MDVSA-2010:232

http://www.mandriva.com/security/advisories?name=MDVSA-2010:233

http://www.mandriva.com/security/advisories?name=MDVSA-2010:234

http://www.securityfocus.com/bid/40871

http://www.securitytracker.com/id?1024122

http://www.vupen.com/english/advisories/2010/1481

http://www.vupen.com/english/advisories/2011/0535

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382

Details

Source: MITRE

Published: 2010-06-17

Updated: 2017-09-19

Type: CWE-352

Risk Information

CVSS v2

Base Score: 6

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 6.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 68052 | Oracle Linux 3 / 4 / 5 : cups (ELSA-2010-0490) | Nessus | Oracle Linux Local Security Checks | medium |
| 60806 | Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 59902 | GLSA-201207-10 : CUPS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 57172 | SuSE 10 Security Update : CUPS (ZYPP Patch Number 7775) | Nessus | SuSE Local Security Checks | medium |
| 57094 | SuSE 11.1 Security Update : CUPS (SAT Patch Number 5180) | Nessus | SuSE Local Security Checks | medium |
| 56603 | SuSE 10 Security Update : CUPS (ZYPP Patch Number 7774) | Nessus | SuSE Local Security Checks | medium |
| 54882 | Slackware 13.1 / current : cups (SSA:2010-176-05) | Nessus | Slackware Local Security Checks | medium |
| 52484 | Debian DSA-2176-1 : cups - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 50607 | Mandriva Linux Security Advisory : cups (MDVSA-2010:233) | Nessus | Mandriva Local Security Checks | high |
| 50606 | Mandriva Linux Security Advisory : cups (MDVSA-2010:232) | Nessus | Mandriva Local Security Checks | high |
| 47835 | Fedora 12 : cups-1.4.4-5.fc12 (2010-10101) | Nessus | Fedora Local Security Checks | medium |
| 47683 | CUPS < 1.4.4 Multiple Vulnerabilities | Nessus | Misc. | high |
| 47586 | Fedora 13 : cups-1.4.4-5.fc13 (2010-10388) | Nessus | Fedora Local Security Checks | medium |
| 47206 | Fedora 11 : cups-1.4.4-4.fc11 (2010-10066) | Nessus | Fedora Local Security Checks | medium |
| 47108 | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : cups, cupsys vulnerabilities (USN-952-1) | Nessus | Ubuntu Local Security Checks | medium |
| 47102 | CentOS 3 / 4 / 5 : cups (CESA-2010:0490) | Nessus | CentOS Local Security Checks | medium |
| 5574 | CUPS < 1.4.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 47044 | RHEL 3 / 4 / 5 : cups (RHSA-2010:0490) | Nessus | Red Hat Local Security Checks | medium |
| 800793 | Mac OS X 10.6 < 10.6.4 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5571 | Mac OS X 10.6 < 10.6.4 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 47024 | Mac OS X Multiple Vulnerabilities (Security Update 2010-004) | Nessus | MacOS X Local Security Checks | high |
| 47023 | Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |