Key vulnerability information

Vulnerability title: Unrestricted setPerPage allows huge result sets / resource exhaustion / mass log retrieval
Report ID: #3413890
Reported: November 6, 2025, 8:45am UTC
Reporter: vidang04
Reported to: Revive Adserver
Severity: Medium (6.5)
CVE ID: CVE-2025-55128

Description

The query parameter controls pagination for the log viewer but is not validated or capped on the server. An attacker can supply an extremely large numeric value (for example ) and the application will attempt to honor that value when building the result set. This can cause excessive database work, large responses, application slowdowns, and may enable bulk retrieval of log entries.

Steps

1. Authenticate as a user with access to the log view
2. The values range from 10 to 100. Setting the value for to 300 results in the site still returning the result:

Weakness

Allocation of Resources Without Limits or Throttling
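The server-side validation and cap that the description says is missing could look like the following. This is an added example, not code from the report or from Revive Adserver; the function names, the constants and the default of 10 are assumptions, and only the 10 to 100 range and the setPerPage name come from the page.

```php
<?php
declare(strict_types=1);

// Assumed bounds: the report states the UI offers values from 10 to 100.
const PER_PAGE_MIN = 10;
const PER_PAGE_MAX = 100;
const PER_PAGE_DEFAULT = 10; // assumption, not taken from the page

/**
 * Hypothetical helper: map the raw setPerPage request value to a page size
 * the server will honor. Malformed input gets the default; out-of-range
 * numbers are clamped.
 */
function sanitizePerPage(mixed $raw): int
{
    // ?setPerPage[]=1 arrives as an array; only strings and ints are accepted.
    if (!is_string($raw) && !is_int($raw)) {
        return PER_PAGE_DEFAULT;
    }
    $s = trim((string) $raw);
    // Digits only: rejects "", "-1", "1e9", "0x10" and trailing junk.
    if ($s === '' || !ctype_digit($s)) {
        return PER_PAGE_DEFAULT;
    }
    // More significant digits than the cap has means "too large"; deciding
    // on length avoids integer overflow when casting very long strings.
    if (strlen(ltrim($s, '0')) > strlen((string) PER_PAGE_MAX)) {
        return PER_PAGE_MAX;
    }
    return max(PER_PAGE_MIN, min(PER_PAGE_MAX, (int) $s));
}

/** Hypothetical helper: LIMIT/OFFSET values for a 1-based page number. */
function pageWindow(mixed $rawPerPage, int $page): array
{
    $limit = sanitizePerPage($rawPerPage);
    return ['limit' => $limit, 'offset' => (max(1, $page) - 1) * $limit];
}

// Constructed sample inputs, including the 300 from the report's step 2.
$samples = ['25', '300', '99999999999999999999999', '-1', '1e9', ['1'], null, '5'];
foreach ($samples as $raw) {
    printf("%-28s -> %d\n", json_encode($raw), sanitizePerPage($raw));
}
print_r(pageWindow('300', 3));
```

The resulting limit and offset should be passed to the log query as bound integer parameters, so the page size the database sees is always the clamped value rather than the request string.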