
002 Asymmetric denial of service


Description

The server is rendered unresponsive as a result of one of the following:

  • An amplification attack, which uses a single request to produce multiple responses.
  • A single malicious request that breaks the application or consumes an enormous amount of resources.


Impact

Temporarily or permanently deny access to one or several application services.


Recommendation

Define a time-out that applies when a query or a search takes too long to process the information.
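
One way to apply this recommendation, as an added example that is not part of the original page: it assumes the search runs against SQLite through Python's sqlite3 module and uses the connection's progress handler to abort a statement that exceeds its time budget. The names run_with_timeout and QueryTimeout, the items table and both queries are constructed for illustration.

```python
import sqlite3
import time

class QueryTimeout(Exception):
    """Raised when a query exceeds its time budget."""

def run_with_timeout(conn, sql, params=(), timeout_s=0.5):
    """Run a query and abort it once timeout_s seconds have elapsed."""
    deadline = time.monotonic() + timeout_s

    def over_budget():
        # A non-zero return value makes SQLite abort the running statement.
        return 1 if time.monotonic() > deadline else 0

    # Invoke the handler every 1000 SQLite virtual-machine instructions.
    conn.set_progress_handler(over_budget, 1000)
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:
        if time.monotonic() > deadline:
            raise QueryTimeout(f"query aborted after {timeout_s}s") from exc
        raise  # unrelated database error, not a time-out
    finally:
        conn.set_progress_handler(None, 0)  # remove the handler

def build_demo_db(rows=3000):
    """Constructed sample data: an in-memory table of item names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items (name) VALUES (?)",
                     [(f"item-{i}",) for i in range(rows)])
    conn.commit()
    return conn

CHEAP_SEARCH = "SELECT COUNT(*) FROM items WHERE name LIKE ?"
# Constructed costly search: a three-way self-join over the same table.
COSTLY_SEARCH = ("SELECT COUNT(*) FROM items a, items b, items c "
                 "WHERE a.name || b.name || c.name LIKE ?")

if __name__ == "__main__":
    db = build_demo_db()
    print(run_with_timeout(db, CHEAP_SEARCH, ("item-1%",)))
    try:
        run_with_timeout(db, COSTLY_SEARCH, ("%no-match%",))
    except QueryTimeout as err:
        print("rejected:", err)
```

The handler is removed in the finally block, so the connection stays usable for the next request after a query has been aborted.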


Threat

Anonymous attacker from the Internet.


Expected Remediation Time

60 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: N
  • Attack complexity: L
  • Attack Requirements: P
  • Privileges required: N
  • User interaction: N
  • Confidentiality (VC): N
  • Integrity (VI): N
  • Availability (VA): H
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Requirements


Fixes


Last updated

2024/02/06