A denial of service flaw was found in the way Plone, a user friendly and powerful content management system, performed particular resource related information retrieval in certain cases (request interaction with internal traversal machinery). A remote attacker, having administrator privilege to certain subset of Plone action screens / functionality, could use this flaw to cause uncontrolled resource consumption (infinite loop) by issuing a specially-crafted request.
The CVE identifier of CVE-2013-4188 has been assigned to this issue:
Created plone tracking bugs for this issue:
Affects: epel-5 [bug 991015]