CVE-2011-4462

CVE Database · CVE-2011-4462

CVE-2011-4462

· N/AModified

CVSS v3.1

N/A

EPSS

2.15%

Published

Dec 29, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Weaknesses (CWE)

CWE-20

Affected Products (62)

plone · plonevulnerable

plone · plone

References (12)

http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

http://secunia.com/advisories/47406

http://www.kb.cert.org/vuls/id/903934

US Government Resource

http://www.nruns.com/_downloads/advisory28122011.pdf

http://www.ocert.org/advisories/ocert-2011-003.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72018

http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

http://secunia.com/advisories/47406

http://www.kb.cert.org/vuls/id/903934

US Government Resource

http://www.nruns.com/_downloads/advisory28122011.pdf

KEV Catalog EPSS Scores Vendors All CVEs