CWE-799Improper Control of Interaction Frequency

PUBLISHEDweakness record
released 2010-02-16 · last modified 2025-12-11

Metadata

CWE ID:
CWE-799
摘要:
Class
结构:
Simple
状态:
Incomplete
发布日期:
2010-02-16
更新日期:
2025-12-11

名称

Improper Control of Interaction Frequency

描述

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic (such as limiting humans to a single vote), or other consequences. For example, an authentication routine might not limit the number of times an attacker can guess a password. Or, a web site might conduct a poll but only expect humans to vote a maximum of once a day.

常见后果

范围:
Availability, Access Control, Other
影响:
DoS: Resource Consumption (Other), Bypass Protection Mechanism, Other

相关 CWE