OWASP Top Ten 2004 Category A9 - Denial of Service
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2004.
Weaknesses
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary ...
The product divides a value by zero.
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
The product does not release or incorrectly releases a resource before it is made available for re-use.
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) l...
A J2EE application uses System.exit(), which also shuts down its container.
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
An exception is thrown from a function, but it is not caught.
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, ev...
The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of ...
Concepts
Deprecated or Obsolete
CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is cons...
See Also
- A9 Denial of Service
OWASP
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.