115 – Security controls bypass or absence

Description

The system has security controls that can be bypassed.

Impact

Send multiple requests to the server without control.

Recommendation

Limit the number of requests that can be made by the same host in defined time slots.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

120 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 062 - Define standard configurations
• 266 - Disable insecure functionalities
• 273 - Define a fixed security suite

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Ruby
• Scala
• Swift
• Typescript

Last updated

2024/02/13