Description

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

CVE-2011-4462

Related Vulnerabilities

WordPress Plugin Captcha by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (4.0.2)

GlassFish CVE-2016-5528 Vulnerability (CVE-2016-5528)

WordPress Plugin Ultimate Reviews PHP Object Injection (2.1.32)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0202)

WordPress Plugin Simple Custom CSS and JS Cross-Site Scripting (3.3)

Severity

Medium

Classification

CVE-2011-4462 CWE-20

Tags

Missing Update Known Vulnerabilities