Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-y8nd-7h3r-7fh5
Vulnerability ID VCID-y8nd-7h3r-7fh5
Aliases CVE-2010-1623
Summary A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
epss 0.30774 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
epss 0.30774 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
epss 0.30774 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
epss 0.30774 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
epss 0.30774 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
epss 0.30774 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
epss 0.30774 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
epss 0.32649 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
epss 0.32649 https://api.first.org/data/v1/epss?cve=CVE-2010-1623
apache_httpd low https://httpd.apache.org/security/json/CVE-2010-1623.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2010-1623
Reference id Reference type URL
http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://marc.info/?l=bugtraq&m=130168502603566&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1623.json
https://api.first.org/data/v1/epss?cve=CVE-2010-1623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
http://secunia.com/advisories/41701
http://secunia.com/advisories/42015
http://secunia.com/advisories/42361
http://secunia.com/advisories/42367
http://secunia.com/advisories/42403
http://secunia.com/advisories/42537
http://secunia.com/advisories/43211
http://secunia.com/advisories/43285
http://security-tracker.debian.org/tracker/CVE-2010-1623
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800
http://svn.apache.org/viewvc?view=revision&revision=1003492
http://svn.apache.org/viewvc?view=revision&revision=1003493
http://svn.apache.org/viewvc?view=revision&revision=1003494
http://svn.apache.org/viewvc?view=revision&revision=1003495
http://svn.apache.org/viewvc?view=revision&revision=1003626
http://ubuntu.com/usn/usn-1021-1
http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://www.mandriva.com/security/advisories?name=MDVSA-2010:192
http://www.redhat.com/support/errata/RHSA-2010-0950.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.securityfocus.com/bid/43673
http://www.ubuntu.com/usn/USN-1022-1
http://www.vupen.com/english/advisories/2010/2556
http://www.vupen.com/english/advisories/2010/2557
http://www.vupen.com/english/advisories/2010/2806
http://www.vupen.com/english/advisories/2010/3064
http://www.vupen.com/english/advisories/2010/3065
http://www.vupen.com/english/advisories/2010/3074
http://www.vupen.com/english/advisories/2011/0358
640281 https://bugzilla.redhat.com/show_bug.cgi?id=640281
cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
CVE-2010-1623 https://httpd.apache.org/security/json/CVE-2010-1623.json
CVE-2010-1623 https://nvd.nist.gov/vuln/detail/CVE-2010-1623
GLSA-201405-24 https://security.gentoo.org/glsa/201405-24
RHSA-2010:0950 https://access.redhat.com/errata/RHSA-2010:0950
USN-1021-1 https://usn.ubuntu.com/1021-1/
USN-1022-1 https://usn.ubuntu.com/1022-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-1623
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96696
EPSS Score 0.30774
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:17.025827+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2010-1623.json 38.0.0