OWASP Top Ten 2004 Category A9 - Denial of Service
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2004.
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.
The product divides a value by zero.
The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
The program does not release or incorrectly releases a resource before it is made available for re-use.
The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) ...
A J2EE application uses System.exit(), which also shuts down its container.
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
An exception is thrown from a function, but it is not caught.
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, e...
The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of...
Deprecated or Obsolete
CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is consid...
- A9 Denial of Service