VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
JVNDB-2010-002300     ( CVE-2010-1623 | CVE-2010-1623 )
Apache Portable Utility ライブラリの apr_brigade_split_line 関数におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002300.html

Original

Apache HTTP Server およびその他のソフトウェアの mod_reqtimeout モジュールにて使用される Apache Portable Utility ライブラリ (APR-util) の buckets/apr_brigade.c 内にある apr_brigade_split_line 関数には、APR bucket の 破損に関する処理に不備があるため、メモリリークが発生し、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
JVN iPedia
First Published:
2010-11-15
Source Information Category:
Advisory, Alert
Last Updated:
2010-11-15




Affected Product Tags
cpe:/a:apache:apr-util
cpe:/a:apache:http_server
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives
Common Vulnerabilities and Exposures (CVE) CVE-2010-1623




National Vulnerability Database (NVD) CVE-2010-1623








References
Apache Released Apache HTTP Server 2.0.64 Released




Apache Released Apache HTTP Server 2.2.17 Released




Apache Software Foundation Fixed in Apache httpd 2.0.64




Apache Software Foundation Fixed in Apache httpd 2.2.16




Apache-SVN 1003495




Apache-SVN 1003626




Apache-SVN 1003492




Apache-SVN 1003493




Apache-SVN 1003494




Changes with Apache CHANGES-APR-UTIL-1.3




Changes with Apache CHANGES_2.2.17




Secunia Advisory SA41701




Secunia Advisory SA41811




SecurityFocus 43673




VUPEN Security VUPEN/ADV-2010-2749




VUPEN Security VUPEN/ADV-2010-2556




VUPEN Security VUPEN/ADV-2010-2557




共通脆弱性タイプ一覧 (CWE) バッファエラー (CWE-119)




Copyright © 2010 JPCERT/CC All Rights Reserved.