Apache – CVE-2010-1623

Description

Cytrix has detected a flaw, also known as CVE-2010-1623, in the apr_brigade_split_line() function of the bundled APR-util library.
The function is used to process non-SSL requests.

A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory.
Memory consumption will potentially cause a denial of service (DoS) via unspecified vectors related to the destruction of an APR bucket.

This causes a decrease in performance and interruptions in the availability of resources.

Severity/Score

CVSS Version 2.0 – 5.0 Medium

Recommendation

To fix CVE-2010-1623, update the version of Apache Portable Runtime Utility library (APR-util) to 1.3.10 or higher.
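
One way to check a host against this recommendation, as an added example (not Cytrix or Apache code). It assumes `httpd -V` reports the loaded APR-util version in the form shown in the constructed sample; the function names are hypothetical.

```shell
# Fixed version named in the advisory for CVE-2010-1623.
FIXED_VERSION="1.3.10"

# Read `httpd -V` style text on stdin and print the APR-util version,
# preferring the "Server loaded:" line (the library actually in use).
extract_apu_version() {
    awk '
        /APR-[Uu]til/ {
            v = $0
            sub(/.*APR-[Uu]til[ \t]+/, "", v)
            sub(/[^0-9.].*/, "", v)
            if (/loaded/) { loaded = v } else if (first == "") { first = v }
        }
        END { if (loaded != "") print loaded; else if (first != "") print first }
    '
}

# Return 0 if dotted version $1 >= $2. Fields are compared as numbers,
# because a string compare would rank 1.3.10 below 1.3.9.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print FIXED, VULNERABLE or UNKNOWN for a version string.
classify_apu() {
    case "$1" in
        ''|*[!0-9.]*) echo "UNKNOWN"; return ;;
    esac
    if version_ge "$1" "$FIXED_VERSION"; then echo "FIXED"; else echo "VULNERABLE"; fi
}

# Constructed sample in the shape of `httpd -V` output (not from a real host).
SAMPLE='Server version: Apache/2.2.x (Unix)
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9'

ver=$(printf '%s\n' "$SAMPLE" | extract_apu_version)
echo "APR-util $ver: $(classify_apu "$ver")"
```

On a real host, pipe the output of `httpd -V` into `extract_apu_version` instead of the sample; the binary may be named `apache2` or `apachectl` on some distributions.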

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1623
https://cwe.mitre.org/data/definitions/119.html