anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
Analog contains a flaw that allows a local user to cause a denial of service. The issue is due to anlgform.pl (the CGI front end to the Analog package) not preventing all privileged commands from being run by untrusted users. An attacker who uses the PROGRESSFREQ command can set progress updates to be written very frequently, filling up the web server error log and exhausting disk space.
Upgrade to version 5.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.