National Vulnerability Database

CVE-2010-1623 Detail

Current Description

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

Source: MITRE      Last Modified: 10/04/2010

Quick Info

CVE Dictionary Entry: CVE-2010-1623
Original release date: 10/04/2010
Last revised: 09/18/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0 MEDIUM
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows disruption of service

References to Advisories, Solutions, and Tools

| Hyperlink | Resource | Type | Source | Name |
|---|---|---|---|---|
| http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak | | External Source | CONFIRM | http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html | | External Source | FEDORA | FEDORA-2010-15953 |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html | | External Source | FEDORA | FEDORA-2010-15916 |
| http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html | | External Source | SUSE | SUSE-SU-2011:1229 |
| http://marc.info/?l=bugtraq&m=130168502603566&w=2 | | External Source | HP | HPSBUX02645 |
| http://security-tracker.debian.org/tracker/CVE-2010-1623 | | External Source | CONFIRM | http://security-tracker.debian.org/tracker/CVE-2010-1623 |
| http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828 | | External Source | SLACKWARE | SSA:2011-041-01 |
| http://svn.apache.org/viewvc?view=revision&revision=1003492 | Patch | External Source | CONFIRM | http://svn.apache.org/viewvc?view=revision&revision=1003492 |
| http://svn.apache.org/viewvc?view=revision&revision=1003493 | Patch | External Source | CONFIRM | http://svn.apache.org/viewvc?view=revision&revision=1003493 |
| http://svn.apache.org/viewvc?view=revision&revision=1003494 | Patch | External Source | CONFIRM | http://svn.apache.org/viewvc?view=revision&revision=1003494 |
| http://svn.apache.org/viewvc?view=revision&revision=1003495 | Patch | External Source | CONFIRM | http://svn.apache.org/viewvc?view=revision&revision=1003495 |
| http://svn.apache.org/viewvc?view=revision&revision=1003626 | Patch | External Source | CONFIRM | http://svn.apache.org/viewvc?view=revision&revision=1003626 |
| http://ubuntu.com/usn/usn-1021-1 | | External Source | UBUNTU | USN-1021-1 |
| http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 | | External Source | CONFIRM | http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:192 | | External Source | MANDRIVA | MDVSA-2010:192 |
| http://www.redhat.com/support/errata/RHSA-2010-0950.html | Vendor Advisory | External Source | REDHAT | RHSA-2010:0950 |
| http://www.redhat.com/support/errata/RHSA-2011-0896.html | Vendor Advisory | External Source | REDHAT | RHSA-2011:0896 |
| http://www.redhat.com/support/errata/RHSA-2011-0897.html | Vendor Advisory | External Source | REDHAT | RHSA-2011:0897 |
| http://www.securityfocus.com/bid/43673 | | External Source | BID | 43673 |
| http://www.ubuntu.com/usn/USN-1022-1 | | External Source | UBUNTU | USN-1022-1 |
| http://www.vupen.com/english/advisories/2010/2556 | Patch; Vendor Advisory | External Source | VUPEN | ADV-2010-2556 |
| http://www.vupen.com/english/advisories/2010/2557 | Vendor Advisory | External Source | VUPEN | ADV-2010-2557 |
| http://www.vupen.com/english/advisories/2010/2806 | Vendor Advisory | External Source | VUPEN | ADV-2010-2806 |
| http://www.vupen.com/english/advisories/2010/3064 | Vendor Advisory | External Source | VUPEN | ADV-2010-3064 |
| http://www.vupen.com/english/advisories/2010/3065 | Vendor Advisory | External Source | VUPEN | ADV-2010-3065 |
| http://www.vupen.com/english/advisories/2010/3074 | Vendor Advisory | External Source | VUPEN | ADV-2010-3074 |
| http://www.vupen.com/english/advisories/2011/0358 | Vendor Advisory | External Source | VUPEN | ADV-2011-0358 |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601 | | External Source | AIXAPAR | PM23263 |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800 | | External Source | OVAL | oval:org.mitre.oval:def:12800 |

References to Check Content

Identifier: oval:org.mitre.oval:def:12800
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12800

Technical Details

Vulnerability Type

Vulnerable software and versions

Configuration 1
OR
cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*    versions up to (including) 1.3.9

Change History: 5 change records found