Description
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5014)
WordPress Plugin Content Blocks (Custom Post Widget) Local File Inclusion (3.3.0)
WordPress Plugin Stealth Login Page Unspecified Vulnerability (1.1.3)
WordPress Plugin WP-Lister Lite for Amazon Directory Traversal (0.9.6.35)