OWASP Top Ten 2004 Category A9 - Denial of Service

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2004.

Weaknesses

Asymmetric Resource Consumption (Amplification)

Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.

Divide By Zero

The product divides a value by zero.

Improper Null Termination

The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

Insufficient Resource Pool

The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) ...

J2EE Bad Practices: Use of System.exit()

A J2EE application uses System.exit(), which also shuts down its container.

Missing Release of Memory after Effective Lifetime

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Uncaught Exception

An exception is thrown from a function, but it is not caught.

Uncontrolled Recursion

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Uncontrolled Resource Consumption

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, e...

Unrestricted Externally Accessible Lock

The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of...

Concepts

Deprecated or Obsolete

Weaknesses in OWASP Top Ten (2004)

CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is cons...

See Also

  1. A9 Denial of Service

    OWASP


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.