Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability Network Vulnerability

Summary

The host is installed with Apache APR-Util and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attackers to cause a denial of service (memory consumption) via unspecified vectors. Impact Level: Application

Solution

Upgrade to APR-util version 1.3.10 For updates refer to http://apr.apache.org/download.cgi or Apply patch for versions 1.3.x http://svn.apache.org/viewvc?view=revision&revision=1003494 Apply patch for versions 0.9.x http://svn.apache.org/viewvc?view=revision&revision=1003495 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaw is due to an error in 'apr_brigade_split_line()' function in 'buckets/apr_brigade.c', which allows an attacker to cause a denial of service (memory consumption).

Affected

Apache APR-Utils version prior 1.3.10

References

http://secunia.com/advisories/41701
http://security-tracker.debian.org/tracker/CVE-2010-1623
http://www.vupen.com/english/advisories/2010/2556

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1623
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability
Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability
Compaq Web SSI DoS
avast! AntiVirus Multiple BOF Vulnerabilities (Linux)
Comodo Internet Security Denial of Service Vulnerability-05

Take action and discover your vulnerabilities