CVE-2009-5024

Name of the Vulnerable Software and Affected Versions ViewVC versions prior to 1.1.11

Description The issue allows remote attackers to bypass the cvsdb row limit configuration setting, leading to potential resource-consumption attacks. This can be achieved via the limit parameter, for example, in a "query revision history" request. The exploitation of these vulnerabilities may result in a breach of confidentiality of protected information.

Recommendations For versions prior to 1.1.11, update to version 1.1.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the limit parameter in the affected API endpoint until a patch is available.