CVE-2010-1623
Summary
| CVE | CVE-2010-1623 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-10-04 21:00:00 UTC |
| Updated | 2023-10-03 15:39:00 UTC |
| Description | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Apr-util | 0.9.1 | All | All | All |
| Application | Apache | Apr-util | 0.9.10 | All | All | All |
| Application | Apache | Apr-util | 0.9.11 | All | All | All |
| Application | Apache | Apr-util | 0.9.12 | All | All | All |
| Application | Apache | Apr-util | 0.9.13 | All | All | All |
| Application | Apache | Apr-util | 0.9.14 | All | All | All |
| Application | Apache | Apr-util | 0.9.15 | All | All | All |
| Application | Apache | Apr-util | 0.9.16 | All | All | All |
| Application | Apache | Apr-util | 0.9.17 | All | All | All |
| Application | Apache | Apr-util | 0.9.18 | All | All | All |
| Application | Apache | Apr-util | 0.9.2 | All | All | All |
| Application | Apache | Apr-util | 0.9.3 | All | All | All |
| Application | Apache | Apr-util | 0.9.4 | All | All | All |
| Application | Apache | Apr-util | 0.9.5 | All | All | All |
| Application | Apache | Apr-util | 0.9.6 | All | All | All |
| Application | Apache | Apr-util | 0.9.7 | All | All | All |
| Application | Apache | Apr-util | 0.9.8 | All | All | All |
| Application | Apache | Apr-util | 0.9.9 | All | All | All |
| Application | Apache | Apr-util | 1.0 | All | All | All |
| Application | Apache | Apr-util | 1.0.1 | All | All | All |
| Application | Apache | Apr-util | 1.0.2 | All | All | All |
| Application | Apache | Apr-util | 1.1.0 | All | All | All |
| Application | Apache | Apr-util | 1.1.1 | All | All | All |
| Application | Apache | Apr-util | 1.1.2 | All | All | All |
| Application | Apache | Apr-util | 1.2.1 | All | All | All |
| Application | Apache | Apr-util | 1.2.10 | All | All | All |
| Application | Apache | Apr-util | 1.2.12 | All | All | All |
| Application | Apache | Apr-util | 1.2.13 | All | All | All |
| Application | Apache | Apr-util | 1.2.2 | All | All | All |
| Application | Apache | Apr-util | 1.2.6 | All | All | All |
| Application | Apache | Apr-util | 1.2.7 | All | All | All |
| Application | Apache | Apr-util | 1.2.8 | All | All | All |
| Application | Apache | Apr-util | 1.2.9 | All | All | All |
| Application | Apache | Apr-util | 1.3.0 | All | All | All |
| Application | Apache | Apr-util | 1.3.1 | All | All | All |
| Application | Apache | Apr-util | 1.3.2 | All | All | All |
| Application | Apache | Apr-util | 1.3.3 | All | All | All |
| Application | Apache | Apr-util | 1.3.4 | All | All | All |
| Application | Apache | Apr-util | 1.3.5 | All | All | All |
| Application | Apache | Apr-util | 1.3.6 | All | All | All |
| Application | Apache | Apr-util | 1.3.7 | All | All | All |
| Application | Apache | Apr-util | 1.3.8 | All | All | All |
| Application | Apache | Apr-util | All | All | All | All |
| Application | Apache | Http Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | MISC | lists.apache.org | |
| [Apache-SVN] Revision 1003495 | CONFIRM | svn.apache.org | Patch |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| [SECURITY] Fedora 13 Update: apr-util-1.3.10-1.fc13 | FEDORA | lists.fedoraproject.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [Apache-SVN] Revision 1003492 | CONFIRM | svn.apache.org | Patch |
| Pony Mail! | MISC | lists.apache.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| mandriva.com | MANDRIVA | www.mandriva.com | |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| USN-1022-1: APR-util vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Pony Mail! | MISC | lists.apache.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Patch, Vendor Advisory |
| Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability | BID | www.securityfocus.com | |
| Pony Mail! | MISC | lists.apache.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Oracle Solaris APR-util "apr_brigade_split_line()" Denial of Service Vulnerability - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Red Hat Customer Portal | REDHAT | www.redhat.com | Vendor Advisory |
| PM31601: Z/OS IBM HTTP SERVER FOR WEBSPHERE (POWERED BY APACHE) FIX PACK 7.0.0.15 | AIXAPAR | www-01.ibm.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| The Slackware Linux Project: Slackware Security Advisories | SLACKWARE | slackware.com | |
| Pony Mail! | MISC | lists.apache.org | |
| IBM WebSphere Application Server for z/OS "apr_brigade_split_line()" Denial of Service - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Red Hat update for apr-util - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| [security-announce] SUSE-SU-2011:1229-1: important: Security update for | SUSE | lists.opensuse.org | |
| Ubuntu update for apr-util - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| [Apache-SVN] Revision 1003626 | CONFIRM | svn.apache.org | Patch |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| CVE-2010-1623 | CONFIRM | security-tracker.debian.org | |
| Red Hat Customer Portal | REDHAT | www.redhat.com | Vendor Advisory |
| Fedora update for apr-util - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| [SECURITY] Fedora 12 Update: apr-util-1.3.10-1.fc12 | FEDORA | lists.fedoraproject.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| '[security bulletin] HPSBUX02645 SSRT100387 rev.1 - HP-UX Apache Web Server, Remote Information Discl' - MARC | HP | marc.info | |
| Security Alerts - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| [Apache-SVN] Revision 1003494 | CONFIRM | svn.apache.org | Patch |
| Pony Mail! | MLIST | lists.apache.org | |
| USN-1021-1: Apache vulnerabilities \| Ubuntu | UBUNTU | ubuntu.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Apache APR-util Multiple Denial of Service Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Security | CONFIRM | blogs.sun.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [Apache-SVN] Revision 1003493 | CONFIRM | svn.apache.org | Patch |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| 404 Not Found | CONFIRM | www.apache.org | |
| Ubuntu update for apache2 - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Pony Mail! | MITRE | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |