CVE-2009-5024

NONE EPSS 83.7%
Published May 23, 2011 (15y ago) · Modified Jun 16, 2026 (2w ago)

Description

ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.

Threat Intelligence

EPSS Exploit Probability
83.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-399

Affected Products 29

Vendor  Product  Version  Range
viewvc  viewvc   *        ≤1.1.10
viewvc  viewvc   0.8      any
viewvc  viewvc   0.9      any
viewvc  viewvc   0.9.1    any
viewvc  viewvc   0.9.2    any
viewvc  viewvc   0.9.3    any
viewvc  viewvc   0.9.4    any
viewvc  viewvc   1.0.0    any
viewvc  viewvc   1.0.1    any
viewvc  viewvc   1.0.2    any
viewvc  viewvc   1.0.3    any
viewvc  viewvc   1.0.4    any
viewvc  viewvc   1.0.5    any
viewvc  viewvc   1.0.6    any
viewvc  viewvc   1.0.7    any
viewvc  viewvc   1.0.8    any
viewvc  viewvc   1.0.9    any
viewvc  viewvc   1.0.10   any
viewvc  viewvc   1.0.11   any
viewvc  viewvc   1.1.0    any
viewvc  viewvc   1.1.1    any
viewvc  viewvc   1.1.2    any
viewvc  viewvc   1.1.3    any
viewvc  viewvc   1.1.4    any
viewvc  viewvc   1.1.5    any
viewvc  viewvc   1.1.6    any
viewvc  viewvc   1.1.7    any
viewvc  viewvc   1.1.8    any
viewvc  viewvc   1.1.9    any

References 8

  • openwall.com http://openwall.com/lists/oss-security/2011/05/19/1
  • openwall.com http://openwall.com/lists/oss-security/2011/05/19/9
  • viewvc.tigris.org http://viewvc.tigris.org/issues/show_bug.cgi?id=433
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.11/CHANGES
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547
    Patch
  • debian.org http://www.debian.org/security/2012/dsa-2563
  • securityfocus.com http://www.securityfocus.com/bid/47928

Remediation

  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547
    Patch