423 – Inappropriate coding practices - System exit

Description

The J2EE application use System.exit(), it is undesirable for a web application to attempt to shut down the application container. Accessing a function that can shut down the application is an avenue for denial of service (DoS) attacks.

Impact

- Temporarily or permanently deny access to the application resource.

Recommendation

Delegate shutdown functions only to privileged and duly authorized accesses.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): N
• Availability (VA): L
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 164 - Use optimized structures
• 167 - Close unused resources
• 072 - Set maximum response time
• 327 - Set a rate limit

Fixes

• Ruby

Last updated

2024/02/21