Apache – CVE-2010-1623

Description

Kayran has detected a flaw in the apr_brigade_split_line() function of the bundled APR-util library.
Also known as CVE-2010-1623.
It’s being used to process non-SSL requests.

A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory.
Memory consumption will potentially cause a denial of service (DoS) via unspecified vectors related to the destruction of an APR bucket.

This will cause a decrease in performance and also for interruptions in the availability of resources.

Severity/Score

CVSS Version 2.0 – 5.0 Medium

Recommendation

To fix CVE-2010-1623, update the version of Apache Portable Runtime Utility library (APR-util) to 1.3.10 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1623

https://cwe.mitre.org/data/definitions/119.html

Read more about DoS here.

< Return to all Vulnerabilities

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »