Resource Depletion |
Category ID: 119 | Status: Draft |
Summary
The target must rely on a vulnerable resource for its operations and be unable to replace it in a reasonable amount of time if it is unavailable.
The attacker must have the ability to consume, destroy, or disrupt a resource required for normal operation of the target.
In order to deplete the target's resources the attacker must interact with the target in a programmatic way. Depending on the nature of the resource the attacker may need a client or script capable of making repeated requests over a network, or the ability to craft specific requests, such as an HTTP request containing thousands of slashes. If the attacker has some privileges on the system the required resource will likely be the ability to run a binary or upload a compiled exploit, or write and execute a script or program that consumes resources. Depending on the defenses of the targeted system, the attacker may need access to extensive computational and network resources in order to overwhelm the target.
Nature | Type | ID | Name | Description | View(s) this relationship pertains to |
---|---|---|---|---|---|
ChildOf | Category | 343 | WASC Threat Classification 2.0 - WASC-10 - Denial of Service | WASC Threat Classification 2.0333 | |
ParentOf | Attack Pattern | 82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) | Mechanism of Attack (primary)1000 | |
ParentOf | Attack Pattern | 125 | Resource Depletion through Flooding | Mechanism of Attack (primary)1000 | |
ParentOf | Attack Pattern | 130 | Resource Depletion through Allocation | Mechanism of Attack (primary)1000 | |
ParentOf | Attack Pattern | 131 | Resource Depletion through Leak | Mechanism of Attack (primary)1000 | |
ParentOf | Attack Pattern | 227 | Denial of Service through Resource Depletion | Mechanism of Attack (primary)1000 | |
MemberOf | View | 1000 | Mechanism of Attack | Mechanism of Attack1000 |