DoS through unsanitised inputs into Kupu

This is a vulnerability in Plone versions before 4.0 that allows anonymous users to lock a ZServer thread through a crafted URL, causing it to refuse to serve future requests.

Information for security researchers

CVE Identifier: CVE-2012-5496
Impact Subscore: 6.9
Exploitability Subscore: 10
Overall CVSS Score: 4.7
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C)
CWE: CWE-116, CWE-138
Credit: Richard Mitchell (Plone security team)