CWE-799: Improper Control of Interaction Frequency
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
扩展描述
This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic (such as limiting humans to a single vote), or other consequences. For example, an authentication routine might not limit the number of times an attacker can guess a password. Or, a web site might conduct a poll but only expect humans to vote a maximum of once a day.
常见后果
影响范围: Availability Access Control Other
技术影响: DoS: Resource Consumption (Other) Bypass Protection Mechanism Other
观察示例
参考: CVE-2002-1876
Mail server allows attackers to prevent other users from accessing mail by sending large number of rapid requests.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| Operation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| WASC | 21 | Insufficient Anti-Automation | - |