003 – Symmetric denial of service

Description

The server is rendered unresponsive by successively repeating a request which consumes a lot of resources or takes too long to be processed.

Impact

Deny temporary or permanently the access to one or several application services.

Recommendation

Define a time-out when a query or a search is taking a lot of time processing the information

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): N
• Availability (VA): H
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 072 - Set maximum response time
• 327 - Set a rate limit

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/06