VDB
CVE-2009-5024
CVE-2009-5024
PUBLISHED
CVSS 5 MEDIUM
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
EPSS 0.50% · 66.5th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.50%
66.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| viewvc | viewvc | 0, 0.8, 0.9 |
Timeline
- May 23, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 47928 vdb
- [oss-security] 20110519 Re: CVE Request: viewvc DoS mailing-list
- http://viewvc.tigris.org/issues/show_bug.cgi?id=433 url
- http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547 url
- [oss-security] 20110519 CVE Request: viewvc DoS mailing-list
- DSA-2563 vendor-advisory
- http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.11/CHANGES url
- http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547 url
- https://nvd.nist.gov/vuln/detail/CVE-2009-5024 advisory
- http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES url