The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.
https://drupal.org/node/2135273
https://drupal.org/node/2134413
https://drupal.org/node/2134409