CWE-400 - Resource exhaustion

Description

The software is applied to monitor and limit the size and amount of such resources, used by the actor, as memory, file system storage and database connection pool entries. In case of lack of limited data control, attacker's intervention causes using of huge number and size of resources that can lead to denial of service.
Problems with system would cause valid actor's inability to use the software properly. Performed attacks also have influence on application work, being able to slow it down or bring to a stop. If the system suffered from resource exhaustion, it is easy for attackers to provoke "fail open" and put the software and it's security functionality at risk.
The weakness is introduced during Operation, Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-400

Multiple vulnerabilities in IBM Aspera Faspex 2024-04-19
Low Yes

Multiple vulnerabilities in IBM Observability with Instana 2024-04-19
Medium Yes

Multiple vulnerabilities in Nautobot 2024-04-19
Medium Yes

Denial of service in IDNA 2024-04-19
Medium Yes

Multiple vulnerabilities in IBM Workload Automation 2024-04-18
Medium Yes

Resource exhaustion in IBM Tivoli Composite Application Manager for Application Diagnostics 2024-04-18
Medium Yes

Resource exhaustion in IBM Power Hardware Management Console (HMC) 2024-04-18
Medium Yes

Jira Service Management Data Center and Server update for Nimbus JOSE+JWT 2024-04-18
Medium Yes

Resource exhaustion in Power Hardware Management Console (HMC) 2024-04-17
High Yes

Multiple vulnerabilities in IBM Observability with Instana 2024-04-17
Medium Yes

References

Description of CWE-400 on Mitre website