Description

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

CVE-2011-4462

Related Vulnerabilities

WordPress Plugin WooCommerce Upload My File Cross-Site Request Forgery (0.3.9)

Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9783)

Oracle JRE CVE-2013-0437 Vulnerability (CVE-2013-0437)

WordPress Plugin Internal Links Manager Multiple Cross-Site Scripting Vulnerabilities (2.1.0)

Severity

Medium

Classification

CVE-2011-4462 CWE-20

Tags

Missing Update Known Vulnerabilities