Description
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.
This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.
Modes of Introduction:
– Operation
Related Weaknesses
CWE-664
Consequences
Availability: DoS: Amplification, DoS: Resource Consumption (Other)
Sometimes this is a factor in “flood” attacks, but other types of amplification exist.
Potential Mitigations
Phase: Architecture and Design
Description:
An application must make resources available to a client commensurate with the client’s access level.
Phase: Architecture and Design
Description:
An application must, at all times, keep track of allocated resources and meter their usage appropriately.
CVE References
