Apache – CVE-2010-1623

Description

Kayran has detected a flaw in the apr_brigade_split_line() function of the bundled APR-util library.
Also known as CVE-2010-1623.
It’s being used to process non-SSL requests.

A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory.
Memory consumption will potentially cause a denial of service (DoS) via unspecified vectors related to the destruction of an APR bucket.

This will cause a decrease in performance and also for interruptions in the availability of resources.

Recommendation

To fix CVE-2010-1623, update the version of Apache Portable Runtime Utility library (APR-util) to 1.3.10 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1623

https://cwe.mitre.org/data/definitions/119.html

Read more about DoS here.

< Return to all Vulnerabilities

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »