File size: 4,323 Bytes
5fe70fd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
{
"id": "bundle--f238564c-952c-45c7-8f00-ae33b3220afe",
"objects": [
{
"created": "2014-06-23T00:00:00.000Z",
"created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
"description": "An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests.",
"external_references": [
{
"external_id": "CAPEC-131",
"source_name": "capec",
"url": "https://capec.mitre.org/data/definitions/131.html"
},
{
"external_id": "CWE-404",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/404.html"
},
{
"description": "Endpoint Denial of Service",
"external_id": "T1499",
"source_name": "ATTACK",
"url": "https://attack.mitre.org/wiki/Technique/T1499"
},
{
"description": "Denial of Service",
"external_id": "10",
"source_name": "WASC",
"url": "http://projects.webappsec.org/Denial-of-Service"
}
],
"id": "attack-pattern--01d5c7e7-1c74-4b20-9e43-548c5f4de113",
"modified": "2022-02-22T00:00:00.000Z",
"name": "Resource Leak Exposure",
"object_marking_refs": [
"marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
],
"spec_version": "2.1",
"type": "attack-pattern",
"x_capec_abstraction": "Meta",
"x_capec_consequences": {
"Availability": [
"Unreliable Execution (A successful resource leak exposure attack compromises the availability of the target system's services.)",
"Resource Consumption (A successful resource leak exposure attack compromises the availability of the target system's services.)"
]
},
"x_capec_domains": [
"Software"
],
"x_capec_extended_description": "\n <xhtml:p>Resource leaks most often come in the form of memory leaks where memory is allocated but never released after it has served its purpose, however, theoretically, any other resource that can be reserved can be targeted if the target fails to release the reservation when the reserved resource block is no longer needed.</xhtml:p>\n <xhtml:p>In this attack, the adversary determines what activity results in leaked resources and then triggers that activity on the target. Since some leaks may be small, this may require a large number of requests by the adversary. However, this attack differs from a flooding attack in that the rate of requests is generally not significant. This is because the lost resources due to the leak accumulate until the target is reset, usually by restarting it. Thus, a resource-poor adversary who would be unable to flood the target can still utilize this attack.</xhtml:p>\n <xhtml:p>Resource depletion through leak differs from resource depletion through allocation in that, in the former, the adversary may not be able to control the size of each leaked allocation, but instead allows the leak to accumulate until it is large enough to affect the target's performance. When depleting resources through allocation, the allocated resource may eventually be released by the target so the attack relies on making sure that the allocation size itself is prohibitive of normal operations by the target.</xhtml:p>\n ",
"x_capec_likelihood_of_attack": "Medium",
"x_capec_prerequisites": [
"The target must have a resource leak that the adversary can repeatedly trigger."
],
"x_capec_resources_required": [
"None: No specialized resources are required to execute this type of attack."
],
"x_capec_status": "Stable",
"x_capec_typical_severity": "Medium",
"x_capec_version": "3.9"
}
],
"type": "bundle"
} |