SUSE CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...
Fedora 14 : viewvc-1.1.11-1.fc14 (2011-7222)
security fix: remove user-reachable override of cvsdb row limit - fix broken standalone.py -c and -d options handling - add --help option to standalone.py - fix stack trace when asked to checkout a directory issue 478 - improve memory usage and speed of revision log markup issue 477 - fix broken...
Cross site request forgery (csrf)
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...
ViewVC -- user-reachable override of cvsdb row limit
ViewVC.org reports: Security fix: remove user-reachable override of cvsdb row limit...