CWE-410
Insufficient Resource Pool
Description
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
Frequently the consequence is a "flood" of connection or sessions.
Parent Weaknesses (ChildOf)
Related Weaknesses
Common Consequences
Scope
Impact
DoS: Crash, Exit, or Restart, Other
Potential Mitigations
Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.
Consider implementing a velocity check mechanism which would detect abusive behavior.
Consider load balancing as an option to handle heavy loads.
Make sure that resource handles are properly closed when no longer needed.
Identify the system's resource intensive operations and consider protecting them from abuse (e.g. malicious automated script which runs the resources out).
CVE-1999-1363Large number of locks on file exhausts the pool and causes crash.
CVE-2001-1340Product supports only one connection and does not disconnect a user who does not provide credentials.
CVE-2002-0406Large number of connections without providing credentials allows connection exhaustion.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now