Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2004.

| ID | Name | Description |
|---|---|---|
| CWE-170 | Improper Null Termination | The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. |
| CWE-248 | Uncaught Exception | An exception is thrown from a function, but it is not caught. |
| CWE-369 | Divide By Zero | The product divides a value by zero. |
| CWE-382 | J2EE Bad Practices: Use of System.exit() | A J2EE application uses System.exit(), which also shuts down its container. |
| CWE-400 | Uncontrolled Resource Consumption | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-401 | Missing Release of Memory after Effective Lifetime | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
| CWE-404 | Improper Resource Shutdown or Release | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-405 | Asymmetric Resource Consumption (Amplification) | The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric." |
| CWE-410 | Insufficient Resource Pool | The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources. |
| CWE-412 | Unrestricted Externally Accessible Lock | The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control. |
| CWE-476 | NULL Pointer Dereference | The product dereferences a pointer that it expects to be valid but is NULL. |
| CWE-674 | Uncontrolled Recursion | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
| CWE-711 | Weaknesses in OWASP Top Ten (2004) | CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is considered obsolete as a newer version of the OWASP Top Ten is available. |