Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://marc.info/?l=bugtraq&m=130168502603566&w=2
http://secunia.com/advisories/41701
http://secunia.com/advisories/42015
http://secunia.com/advisories/42361
http://secunia.com/advisories/42367
http://secunia.com/advisories/42403
http://secunia.com/advisories/42537
http://secunia.com/advisories/43211
http://secunia.com/advisories/43285
http://security-tracker.debian.org/tracker/CVE-2010-1623
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828
http://svn.apache.org/viewvc?view=revision&revision=1003492
http://svn.apache.org/viewvc?view=revision&revision=1003493
http://svn.apache.org/viewvc?view=revision&revision=1003494
http://svn.apache.org/viewvc?view=revision&revision=1003495
http://svn.apache.org/viewvc?view=revision&revision=1003626
http://ubuntu.com/usn/usn-1021-1
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://www.mandriva.com/security/advisories?name=MDVSA-2010:192
http://www.redhat.com/support/errata/RHSA-2010-0950.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.securityfocus.com/bid/43673
http://www.ubuntu.com/usn/USN-1022-1
http://www.vupen.com/english/advisories/2010/2556
http://www.vupen.com/english/advisories/2010/2557
http://www.vupen.com/english/advisories/2010/2806
http://www.vupen.com/english/advisories/2010/3064
http://www.vupen.com/english/advisories/2010/3065
http://www.vupen.com/english/advisories/2010/3074
http://www.vupen.com/english/advisories/2011/0358
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800
Affected software (any of the following CPEs):
cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:* versions up to 1.3.9 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
85946 | F5 Networks BIG-IP : Apache vulnerability (SOL15902) | Nessus | F5 Networks Local Security Checks | medium |
75785 | openSUSE Security Update : apache2 (openSUSE-SU-2011:0859-1) | Nessus | SuSE Local Security Checks | medium |
75424 | openSUSE Security Update : apache2 (openSUSE-SU-2011:0859-1) | Nessus | SuSE Local Security Checks | medium |
74066 | GLSA-201405-24 : Apache Portable Runtime, APR Utility Library: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
68155 | Oracle Linux 4 / 5 / 6 : apr-util (ELSA-2010-0950) | Nessus | Oracle Linux Local Security Checks | medium |
800577 | Apache 2.2 < 2.2.17 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
6793 | Apache 2.2 < 2.2.17 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
60915 | Scientific Linux Security Update : apr-util on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
58811 | HP System Management Homepage < 7.0 Multiple Vulnerabilities | Nessus | Web Servers | critical |
55566 | SuSE 10 Security Update : libapr (ZYPP Patch Number 7611) | Nessus | SuSE Local Security Checks | medium |
55564 | SuSE 11.1 Security Update : libapr (SAT Patch Number 4845) | Nessus | SuSE Local Security Checks | medium |
55563 | SuSE 11.1 Security Update : libapr (SAT Patch Number 4845) | Nessus | SuSE Local Security Checks | medium |
51942 | Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : httpd (SSA:2011-041-03) | Nessus | Slackware Local Security Checks | medium |
51940 | Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : apr-util (SSA:2011-041-01) | Nessus | Slackware Local Security Checks | medium |
51776 | CentOS 4 : apr-util (CESA-2010:0950) | Nessus | CentOS Local Security Checks | medium |
51072 | RHEL 4 / 5 / 6 : apr-util (RHSA-2010:0950) | Nessus | Red Hat Local Security Checks | medium |
50824 | Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : apr-util vulnerability (USN-1022-1) | Nessus | Ubuntu Local Security Checks | medium |
50823 | Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : apache2 vulnerabilities (USN-1021-1) | Nessus | Ubuntu Local Security Checks | medium |
50532 | Fedora 14 : apr-util-1.3.10-1.fc14 (2010-16178) | Nessus | Fedora Local Security Checks | medium |
50393 | Fedora 13 : apr-util-1.3.10-1.fc13 (2010-15953) | Nessus | Fedora Local Security Checks | medium |
50392 | Fedora 12 : apr-util-1.3.10-1.fc12 (2010-15916) | Nessus | Fedora Local Security Checks | medium |
50070 | Apache 2.2.x < 2.2.17 Multiple Vulnerabilities | Nessus | Web Servers | medium |
50069 | Apache 2.0.x < 2.0.64 Multiple Vulnerabilities | Nessus | Web Servers | high |
49770 | FreeBSD : apr -- multiple vunerabilities (dd943fbb-d0fe-11df-95a8-00219b0fc4d8) | Nessus | FreeBSD Local Security Checks | medium |
49767 | Debian DSA-2117-1 : apr-util - denial of service | Nessus | Debian Local Security Checks | medium |
49739 | Mandriva Linux Security Advisory : apr-util (MDVSA-2010:192) | Nessus | Mandriva Local Security Checks | medium |