Partial denial of service through Collections functionality
It is possible for an anonymous user to make requests to collections that are very expensive to render, making DoS easier.
Information for security researchers
CVE Identifier: CVE-2012-5498
Impact Subscore: 2.9
Exploitability Subscore: 10
Overall CVSS Score: 3.9
Credit: Richard Mitchell (Plone security team)