CWE-410
Insufficient Resource Pool
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
Status
incomplete
Abstraction
class
Affected Platforms
Extended Description
Frequently the consequence is a 'flood' of connections or sessions.
Technical Details
Common Consequences
availability
integrity
other
Impacts
dos: crash, exit, or restart
other
Potential Mitigations
Phases:
architecture and design
operation
implementation
Descriptions:
• Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.
• Consider load balancing as an option to handle heavy loads.
• Identify the system's resource-intensive operations and consider protecting them from abuse (e.g. a malicious automated script that runs the resources out).
• Consider implementing a velocity check mechanism which would detect abusive behavior.
• Make sure that resource handles are properly closed when no longer needed.
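The following is an added example, not part of the CWE entry, showing how three of the mitigations above can combine in one place: a fixed-size pool that caps each client's share, applies a sliding-window velocity check, and always returns handles. The names GuardedPool, Rejected and flood, and all limit values, are assumptions made for illustration.

```python
import threading
import time
from collections import defaultdict, deque
from contextlib import ExitStack, contextmanager

class Rejected(Exception):
    """Raised instead of blocking, so a flood cannot pile up waiters."""

class GuardedPool:
    # Constructed example: fixed pool + per-client cap + sliding-window velocity check.
    def __init__(self, size, per_client_max, max_requests, window_s, clock=time.monotonic):
        self.free, self.per_client_max = size, per_client_max
        self.max_requests, self.window_s, self.clock = max_requests, window_s, clock
        self.held = defaultdict(int)      # client -> slots currently held
        self.recent = defaultdict(deque)  # client -> timestamps of recent attempts
        self.lock = threading.Lock()

    def _acquire(self, client):
        with self.lock:
            now, recent = self.clock(), self.recent[client]
            while recent and now - recent[0] >= self.window_s:
                recent.popleft()          # drop attempts older than the window
            if len(recent) >= self.max_requests:
                raise Rejected("velocity limit")
            recent.append(now)            # attempts refused below still count
            if self.held[client] >= self.per_client_max:
                raise Rejected("per-client cap")
            if self.free == 0:
                raise Rejected("pool exhausted")
            self.free -= 1
            self.held[client] += 1

    @contextmanager
    def slot(self, client):
        self._acquire(client)
        try:
            yield
        finally:                          # handle is returned even if the caller raises
            with self.lock:
                self.free += 1
                self.held[client] -= 1

def flood(pool, client, attempts):
    """One client tries to hold `attempts` slots at once.
    Returns (granted, rejection reasons, free slots while the grants are held)."""
    reasons = []
    with ExitStack() as stack:
        for _ in range(attempts):
            try:
                stack.enter_context(pool.slot(client))
            except Rejected as exc:
                reasons.append(str(exc))
        return attempts - len(reasons), reasons, pool.free
```

The client key should be something the requester cannot cheaply vary, such as an authenticated identity; keying on a spoofable value weakens both the cap and the velocity check.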