Description
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.
Remediation
References