elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24707
http://www.securityfocus.com/bid/16579
http://www.debian.org/security/2006/dsa-967