CVE-2010-1623
apr-util - denial of service
EPSS 28.3%
Description
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
How to fix CVE-2010-1623
To remediate CVE-2010-1623, upgrade the affected package to one of the fixed versions listed below.
- Debian/apache2—upgrade to 2.2.16-3 or later
- Debian/apr-util—upgrade to 1.3.9+dfsg-4 or later
- —upgrade to 1.2.12+dfsg-8+lenny5 or later
Is CVE-2010-1623 being exploited?
Moderate — EPSS is 28.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 2.2.16-3
- from 0, < 1.3.9+dfsg-4
- from 0, < 1.2.12+dfsg-8+lenny5