Backslash Vulnerability Database Insufficient Resource Pool
Insufficient Resource Pool
CWE-410
Per technology (GHSA, All time)
- 100%-Maven
Short description
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
Extended description
Frequently the consequence is a "flood" of connection or sessions.
Best practices to prevent this CWE
Phase: Architecture and Design
Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.
Phase: Architecture and Design
Consider implementing a velocity check mechanism which would detect abusive behavior.
Phase: Operation
Consider load balancing as an option to handle heavy loads.
Phase: Implementation
Make sure that resource handles are properly closed when no longer needed.
Phase: Architecture and Design
Identify the system's resource intensive operations and consider protecting them from abuse (e.g. malicious automated script which runs the resources out).