Description
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: High
Related Weaknesses
Consequences
Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other)
When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource.
Potential Mitigations
Phase: Requirements
Effectiveness:
Description:
Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits.
Phase: Architecture and Design
Effectiveness:
Description:
Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410.
Phase: Architecture and Design
Effectiveness:
Description:
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place, and it will help the administrator to identify who is committing the abuse. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Phase: Implementation
Effectiveness:
Description:
This will only be applicable to cases where user input can influence the size or frequency of resource allocations.
Phase: Architecture and Design
Effectiveness:
Description:
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Phase: Architecture and Design
Effectiveness:
Description:
Phase: Architecture and Design
Effectiveness:
Description:
Ensure that protocols have specific limits of scale placed on them.
Phase: Architecture and Design, Implementation
Effectiveness:
Description:
Phase: Operation, Architecture and Design
Effectiveness:
Description:
CVE References
- CVE-2009-4017
- Language interpreter does not restrict the number of temporary files being created when handling a MIME request with a large number of parts..
- CVE-2009-2726
- Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.
- CVE-2009-2540
- Large integer value for a length property in an object causes a large amount of memory allocation.
- CVE-2009-2054
- Product allows exhaustion of file descriptors when processing a large number of TCP packets.
- CVE-2008-5180
- Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created.
- CVE-2008-1700
- Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window.
- CVE-2005-4650
- CMS does not restrict the number of searches that can occur simultaneously, leading to resource exhaustion.
- CVE-2020-15100
- web application scanner attempts to read an excessively large file created by a user, causing process termination
More Stories
The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them
Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...
ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows
Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...
CWE-669 – Incorrect Resource Transfer Between Spheres
Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...
CWE-67 – Improper Handling of Windows Device Names
Description The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a...
CWE-670 – Always-Incorrect Control Flow Implementation
Description The code contains a control flow path that does not reflect the algorithm that the path is intended to...
CWE-671 – Lack of Administrator Control over Security
Description The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect...