Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability Network Vulnerability

Summary

The host is installed with Apache APR-Util and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attackers to cause a denial of service (memory consumption) via unspecified vectors. Impact Level: Application

Solution

Upgrade to APR-util version 1.3.10 For updates refer to http://apr.apache.org/download.cgi or Apply patch for versions 1.3.x http://svn.apache.org/viewvc?view=revision&revision=1003494 Apply patch for versions 0.9.x http://svn.apache.org/viewvc?view=revision&revision=1003495 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaw is due to an error in 'apr_brigade_split_line()' function in 'buckets/apr_brigade.c', which allows an attacker to cause a denial of service (memory consumption).

Affected

Apache APR-Utils version prior 1.3.10

References

http://secunia.com/advisories/41701
http://security-tracker.debian.org/tracker/CVE-2010-1623
http://www.vupen.com/english/advisories/2010/2556

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1623

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari Denial Of Service Vulnerability - Jul09
ClamAV 'parseicon()' Denial Of Service Vulnerability
DB2 DOS
Adobe Acrobat PDF File Denial Of Service Vulnerability
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability

Take action and discover your vulnerabilities