Vulnerability CVE-2010-1623


Published: 2010-10-04   Modified: 2012-02-13

Description:
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Apache -> Apr-util 

 References:
http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://marc.info/?l=bugtraq&m=130168502603566&w=2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12800
http://security-tracker.debian.org/tracker/CVE-2010-1623
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828
http://svn.apache.org/viewvc?view=revision&revision=1003492
http://svn.apache.org/viewvc?view=revision&revision=1003493
http://svn.apache.org/viewvc?view=revision&revision=1003494
http://svn.apache.org/viewvc?view=revision&revision=1003495
http://svn.apache.org/viewvc?view=revision&revision=1003626
http://ubuntu.com/usn/usn-1021-1
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://www.mandriva.com/security/advisories?name=MDVSA-2010:192
http://www.redhat.com/support/errata/RHSA-2010-0950.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.securityfocus.com/bid/43673
http://www.ubuntu.com/usn/USN-1022-1
http://www.vupen.com/english/advisories/2010/2556
http://www.vupen.com/english/advisories/2010/2557
http://www.vupen.com/english/advisories/2010/2806
http://www.vupen.com/english/advisories/2010/3064
http://www.vupen.com/english/advisories/2010/3065
http://www.vupen.com/english/advisories/2010/3074
http://www.vupen.com/english/advisories/2011/0358

Copyright 2024, cxsecurity.com

 

Back to Top