Asymmetric Resource Consumption (Amplification)
Weakness ID: 405 (Weakness Class) | Status: Incomplete
Description Summary
Software that fails to appropriately monitor or control resource consumption can lead to adverse system performance.
Extended Description
This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.
Scope | Effect |
---|---|
Availability | Sometimes this is a factor in "flood" attacks, but other types of amplification exist. |

An application must make resources available to a client commensurate with the client's access level.
An application must, at all times, keep track of allocated resources and meter their usage appropriately.
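
The two requirements above, applied to compressed input (the data amplification case, CWE-409), as an added example that is not part of the CWE entry. The tier names, limit values and the `ResourceMeter` class are assumptions made for illustration.

```python
import zlib

# Constructed per-tier limits (assumed values): decompressed bytes a client may
# be charged per accounting window, and the largest output/input expansion allowed.
TIER_LIMITS = {
    "anonymous":     {"budget": 64 * 1024,   "max_ratio": 20},
    "authenticated": {"budget": 1024 * 1024, "max_ratio": 100},
}

class BudgetExceeded(Exception):
    """Raised when a request would consume more than the client's tier permits."""

class ResourceMeter:
    """Charges decompressed output to the client that caused it."""

    def __init__(self):
        self.used = {}  # client_id -> bytes charged in the current window

    def reset(self, client_id):
        """Start a new accounting window for one client."""
        self.used.pop(client_id, None)

    def inflate(self, client_id, tier, payload, chunk=4096):
        limits = TIER_LIMITS[tier]
        d = zlib.decompressobj()
        out, data = bytearray(), payload
        while not d.eof:
            # max_length bounds each step, so limits are checked before more
            # memory is allocated rather than after the whole stream expands.
            piece = d.decompress(data, chunk)
            data = d.unconsumed_tail
            if not piece and not data:
                raise ValueError("truncated zlib stream")
            out += piece
            self.used[client_id] = self.used.get(client_id, 0) + len(piece)
            if self.used[client_id] > limits["budget"]:
                raise BudgetExceeded("budget: window allowance exhausted")
            if len(out) > limits["max_ratio"] * len(payload):
                raise BudgetExceeded("ratio: output too large for input size")
        return bytes(out)

if __name__ == "__main__":
    meter = ResourceMeter()
    bomb = zlib.compress(b"\0" * 10_000_000)  # constructed sample input
    try:
        meter.inflate("client-a", "anonymous", bomb)
    except BudgetExceeded as e:
        print(len(bomb), "bytes in ->", e, "after", meter.used["client-a"], "bytes")
```

Because the charge is recorded per chunk, a rejected request still counts against the client's window, which keeps repeated small inputs from adding up to unmetered work.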
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 399 | Resource Management Errors | Development Concepts (primary) 699 |
ChildOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | Research Concepts (primary) 1000 |
ChildOf | Category | 730 | OWASP Top Ten 2004 Category A9 - Denial of Service | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
ParentOf | Weakness Base | 406 | Insufficient Control of Network Message Volume (Network Amplification) | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 407 | Algorithmic Complexity | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 408 | Incorrect Behavior Order: Early Amplification | Development Concepts (primary) 699; Research Concepts 1000 |
ParentOf | Weakness Base | 409 | Improper Handling of Highly Compressed Data (Data Amplification) | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
PeerOf | Weakness Base | 404 | Improper Resource Shutdown or Release | Research Concepts 1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Asymmetric resource consumption (amplification) |
OWASP Top Ten 2004 | A9 | CWE More Specific | Denial of Service |
WASC | 41 | | XML Attribute Blowup |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |

Modifications
Modification Date | Modifier | Organization | Source |
---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External |
updated Time of Introduction | | | |
2008-09-08 | CWE Content Team | MITRE | Internal |
updated Relationships, Other Notes, Taxonomy Mappings | | | |
2008-10-14 | CWE Content Team | MITRE | Internal |
updated Description | | | |
2009-07-27 | CWE Content Team | MITRE | Internal |
updated Common Consequences, Other Notes | | | |