9 matches found
SUSE CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...
openSUSE Security Update : viewvc (openSUSE-SU-2011:0529-1)
cvsdb.py in viewvc did not honor an admin defined row limit which could cause high load on the database server. viewvc was updated to version 1.1.11 which fixes the issue CVE-2009-5024. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
openSUSE Security Update : viewvc (openSUSE-SU-2011:0529-1)
cvsdb.py in viewvc did not honor an admin defined row limit which could cause high load on the database server. viewvc was updated to version 1.1.11 which fixes the issue CVE-2009-5024. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
[SECURITY] [DSA 2563-1] viewvc security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2563-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23, 2012 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2563-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2563-1 : viewvc - several vulnerabilities
Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories. - CVE-2009-5024 Remote attackers can bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks via the limit parameter. - CVE-2012-3356 The remote...
[SECURITY] [DSA 2563-1] viewvc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2563-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23, 2012 http://www.debian.org/security/faq -...
Fedora Update for viewvc FEDORA-2011-7222
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2009-5024
CVE-2009-5024 affects ViewVC (CVS/Subversion web interface). The root cause: cvsdb.py did not honor an admin-defined row limit, enabling remote attackers to trigger resource consumption via the limit parameter, e.g., in the “query revision history” operation. Impact is elevated load on the databa...