Partial denial of service through Collections functionality
by Matthew Wilkes, last modified Nov 10, 2012 01:01 PM
This DoS causes large amounts of IO and cache churn, meaning it can be used to DoS a site if accessed repeatedly.
It is possible for an anonymous user to make requests to collections that are very expensive to render, making DoS easier.
Information for security researchers
CVE Identifier: CVE-2012-5498
Impact Subscore: 2.9
Exploitability Subscore: 10
Overall CVSS Score: 3.9
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C)
CWE: CWE-749
Credit: Richard Mitchell (Plone security team)
