108 – Improper control of interaction frequency

Description

The system does not limit the amount of requests (rate limit) that a user can post to the server in a short period of time.

Impact

- Fill the application logs with junk information. - Saturate the server with multiple requests causing a possible denial of service.

Recommendation

Limit the number of requests that can be made by the same host in defined time slots.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): L
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 327 - Set a rate limit

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/13