Improper control of interaction frequency
Description
The system does not limit the amount of requests (rate limit) that a user can post to the server in a short period of time.
Impact
- Fill the application logs with junk information. - Saturate the server with multiple requests causing a possible denial of service.
Recommendation
Limit the number of requests that can be made by the same host in defined time slots.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
327 - Set a rate limitScore
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
L
Availability (VA)
L
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N