ViewVC Remote Code Execution Vulnerability in ViewVC Software
CVE-2009-5024

Currently unrated

Key Information:

Vendor

Viewvc

Status
Viewvc
Vendor
CVE Published:
23 May 2011

What is CVE-2009-5024?

A flaw in ViewVC prior to version 1.1.11 enables remote attackers to bypass the cvsdb row_limit configuration. This oversight can lead to resource consumption attacks, significantly impacting the performance of the affected installation. Attackers can exploit this weakness by manipulating the 'limit' parameter in requests—particularly in actions like querying revision history—thus overwhelming the server's resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/47928
vdb-entryx_refsource_BID
http://openwall.com/lists/oss-security/2011/05/19/9
mailing-listx_refsource_MLIST
http://viewvc.tigris.org/issues/show_bug.cgi?id=433
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.