OWASP Top Ten 2004 Category A9 - Denial of Service

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary ...

The product divides a value by zero.

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

The product does not release or incorrectly releases a resource before it is made available for re-use.

The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) l...

A J2EE application uses System.exit(), which also shuts down its container.

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

An exception is thrown from a function, but it is not caught.

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, ev...

The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of ...

CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is cons...