Funny how things escalate. Looks like someone turned this: > Should we add some randomization to prevent abuse?
Into this: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0840 http://secunia.com/advisories/47862 "The vulnerability is caused due to an error within a hash generation function when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in a HTTP POST request." Reeeallly?? I guess I missed the part where any actual error or exploit was found...