CWE-405 Individual Dictionary Definition (Draft 9)

| Weakness ID | 405 (Weakness Class) |
| Status | Incomplete |
| Description | Summary: Software that fails to appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network. |
| Functional Area | Non-specific |
| Potential Mitigations | An application must make resources available to a client commensurate with the client's access level. An application must, at all times, keep track of allocated resources and meter their usage appropriately. |
| Context Notes | There are probably several sub-types besides these. Sometimes this is a factor in "flood" attacks, but other types of amplification exist. |
| Relationships | |
| Source Taxonomies | PLOVER - Asymmetric resource consumption (amplification) |
| Applicable Platforms | All |
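
The two potential mitigations above, sketched as an added example that is not part of the CWE entry: a meter that records every allocation per client and caps it by the client's access level. The level names, resource names and quota figures are constructed assumptions.

```python
from collections import defaultdict

# Constructed quota table: level names, resources and ceilings are assumptions.
QUOTAS = {
    "anonymous":     {"memory_bytes": 1_000_000,  "connections": 2},
    "authenticated": {"memory_bytes": 16_000_000, "connections": 20},
    "admin":         {"memory_bytes": 64_000_000, "connections": 100},
}

class ResourceMeter:
    """Tracks what each client holds and grants only within its level's ceiling."""

    def __init__(self, quotas=QUOTAS):
        self.quotas = quotas
        self.levels = {}  # client id -> access level
        self.usage = defaultdict(lambda: defaultdict(int))  # client -> resource -> held

    def register(self, client, level):
        if level not in self.quotas:
            raise ValueError(f"unknown access level: {level}")
        self.levels[client] = level

    def try_acquire(self, client, resource, amount):
        """Record and grant the allocation, or return False without changing state."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        # Unknown clients fall to the lowest tier; unlisted resources get no grant.
        level = self.levels.get(client, "anonymous")
        limit = self.quotas[level].get(resource, 0)
        held = self.usage[client][resource]
        if held + amount > limit:
            return False
        self.usage[client][resource] = held + amount
        return True

    def release(self, client, resource, amount):
        held = self.usage[client][resource]
        if amount <= 0 or amount > held:
            raise ValueError("release does not match a recorded allocation")
        self.usage[client][resource] = held - amount
        return held - amount

def demo():
    meter = ResourceMeter()
    meter.register("alice", "authenticated")
    meter.try_acquire("alice", "memory_bytes", 10_000_000)
    requests = [("alice", 8_000_000), ("guest", 900_000), ("guest", 200_000)]
    results = [meter.try_acquire(c, "memory_bytes", n) for c, n in requests]
    return results, {c: dict(r) for c, r in meter.usage.items()}
```

The denied requests leave the recorded usage unchanged, so the meter's totals always match what has actually been granted.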