VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 14 of 93
  • CVE-2018-5243 · High · Aug 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its…

  • CVE-2018-14940 · High · Aug 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.

  • CVE-2017-5693 · High · Jul 31, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.

  • CVE-2018-10607 · High · Jul 31, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.

  • CVE-2018-5541 · High · Jul 25, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.

  • CVE-2018-5530 · High · Jul 25, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".

  • CVE-2018-14596 · High · Jul 25, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers.

  • CVE-2018-10632 · High · Jul 24, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor is not restricted, allowing for a denial-of-service condition.

  • CVE-2018-0372 · High · Jul 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS)…

  • CVE-2018-0030 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected…

  • CVE-2018-7164 · High · Jun 13, 2018
    risk 0.49 · cvss 7.5 · epss 0.06

    Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial…

  • CVE-2017-6779 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.…

  • CVE-2017-16119 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.

  • CVE-2017-16118 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service…

  • CVE-2017-16117 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.

  • CVE-2017-16116 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.

  • CVE-2017-16115 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.

  • CVE-2017-16114 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.

  • CVE-2017-16113 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.

  • CVE-2017-16111 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.