CWE-405 Individual Dictionary Definition (Draft 9)

Asymmetric Resource Consumption (Amplification)

Weakness ID: 405 (Weakness Class)
Status: Incomplete

Description

Summary

Software that fails to appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.

Functional Area

Non-specific

Potential Mitigations

An application must make resources available to a client commensurate with the client's access level.

An application must, at all times, keep track of allocated resources and meter their usage appropriately.
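The two mitigations above can be combined in a single meter that charges each request's estimated cost against a per-client budget before any work is done. The sketch below is an added example, not part of the CWE entry; the access-level names, the budget figures and the `ResourceMeter` API are assumptions made for illustration.

```python
import threading
from contextlib import contextmanager

# Constructed budgets: abstract resource units (bytes, work units) per access level.
BUDGETS = {"anonymous": 1_000, "user": 10_000, "admin": 100_000}

class QuotaExceeded(Exception):
    pass

class ResourceMeter:
    """Tracks units held by each client and caps them by access level."""

    def __init__(self, budgets=BUDGETS):
        self._budgets = dict(budgets)
        self._in_use = {}              # client_id -> units currently held
        self._lock = threading.Lock()  # keeps check-then-update atomic

    def in_use(self, client_id):
        with self._lock:
            return self._in_use.get(client_id, 0)

    def acquire(self, client_id, level, units):
        if units <= 0:
            raise ValueError("units must be positive")
        cap = self._budgets.get(level, 0)  # unknown level: no budget (fail closed)
        with self._lock:
            held = self._in_use.get(client_id, 0)
            if held + units > cap:
                raise QuotaExceeded(f"{client_id}: {held}+{units} exceeds {cap}")
            self._in_use[client_id] = held + units

    def release(self, client_id, units):
        with self._lock:
            remaining = max(0, self._in_use.get(client_id, 0) - units)
            if remaining:
                self._in_use[client_id] = remaining
            else:
                self._in_use.pop(client_id, None)

    @contextmanager
    def reserve(self, client_id, level, units):
        """Hold units for one request and release them even if the handler fails."""
        self.acquire(client_id, level, units)
        try:
            yield
        finally:
            self.release(client_id, units)
```

Charging the estimated cost of the work, rather than the size of the request, is what keeps a cheap request from triggering expensive processing beyond the client's budget.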

Context Notes

There are probably several sub-types besides these.

Sometimes this is a factor in "flood" attacks, but other types of amplification exist.

Relationships

Nature    Type           ID   Name
ChildOf   Category       399  Resource Management Errors
PeerOf    Weakness Base  404  Improper Resource Shutdown or Release
ParentOf  Weakness Base  406  Network Amplification
ParentOf  Weakness Base  407  Algorithmic Complexity
ParentOf  Weakness Base  408  Incorrect Behavior Order: Early Amplification
ParentOf  Weakness Base  409  Failure to Handle Highly Compressed Data (Data Amplification)

Source Taxonomies

PLOVER - Asymmetric resource consumption (amplification)

Applicable Platforms

All

Page Last Updated: April 22, 2008