VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 93 of 93
  • CVE-2007-5712 · Oct 30, 2007
    risk 0.00 · cvss · epss 0.02

    The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP…

  • CVE-2007-2650 · May 14, 2007
    risk 0.00 · cvss · epss 0.03

    The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

  • CVE-2006-3695 · Jul 21, 2006
    risk 0.00 · cvss · epss 0.02

    Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a…

  • CVE-2005-2309 · Jul 19, 2005
    risk 0.00 · cvss · epss 0.03

    Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg.

  • CVE-2005-1260 · May 19, 2005
    risk 0.00 · cvss · epss 0.06

    bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

  • CVE-2005-0738 · May 2, 2005
    risk 0.00 · cvss · epss 0.05

    Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a…

  • CVE-2004-1201 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.03

    Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

  • CVE-2004-2381 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

  • CVE-2004-2650 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.

  • CVE-2003-0045 · Feb 7, 2003
    risk 0.00 · cvss · epss 0.02

    Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

  • CVE-2002-1876 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.05

    Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.

  • CVE-2002-0687 · Jul 23, 2002
    risk 0.00 · cvss · epss 0.01

    The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.

  • CVE-2001-0666 · Oct 30, 2001
    risk 0.00 · cvss · epss 0.02

    Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.