Apache – CVE-2010-1623

Description

Kayran has detected a flaw in the apr_brigade_split_line() function of the bundled APR-util library.
Also known as CVE-2010-1623.
It’s being used to process non-SSL requests.

A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory.
Memory consumption will potentially cause a denial of service (DoS) via unspecified vectors related to the destruction of an APR bucket.

This will cause a decrease in performance and also for interruptions in the availability of resources.

Severity/Score

CVSS Version 2.0 – 5.0 Medium

Recommendation

To fix CVE-2010-1623, update the version of Apache Portable Runtime Utility library (APR-util) to 1.3.10 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1623

https://cwe.mitre.org/data/definitions/119.html

Read more about DoS here.

< Return to all Vulnerabilities

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »