Difference between revisions of "Early Amplification"

From OWASP
Line 1: Line 1:
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}
 +
{{Template:Stub}}
  
 
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
 
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
  
{{Template:Vulnerability}}
+
 
 
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
Line 14: Line 15:
 
==Description==
 
==Description==
  
A vulnerability is a weakness in an application (frequently a broken or missing control) that enables an attack to succeed. Be sure you don't put [attacks] or [controls] in this category.
+
Allows a legitimate but expensive operation before the entity has proven that the operation should be allowed.  
  
# Start with a one-sentence description of the vulnerability
+
PLOVER Early Amplification.
# What is the problem that creates the vulnerability?
+
 
# What are the attacks that target this vulnerability?
+
* Attackers try to launch a denial of service attack by performing the unprotected expensive operations repeatly
# What are the technical impacts of this vulnerability?
+
  
  
 
==Risk Factors==
 
==Risk Factors==
  
* Talk about the [[OWASP Risk Rating Methodology|factors]] that make this vulnerability likely or unlikely to actually happen
+
TBD
* Discuss the technical impact of a successful exploit of this vulnerability
+
* Consider the likely [business impacts] of a successful attack
+
 
+
  
 
==Examples==
 
==Examples==
 
+
TBD
===Short example name===
+
: A short example description, small picture, or sample code with [http://www.site.com links]
+
 
+
===Short example name===
+
: A short example description, small picture, or sample code with [http://www.site.com links]
+
 
+
  
 
==Related [[Attacks]]==
 
==Related [[Attacks]]==
  
* [[Attack 1]]
+
* [[Denial of Service]]
* [[Attack 2]]
+
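Review bot: the added bullet under ==Description== misspells "repeatedly" as "repeatly". The same hunk also deletes the template prompts "What is the problem that creates the vulnerability?" and "What are the technical impacts of this vulnerability?" and leaves only blank lines in their place, so the new Description states the attack but not the root cause or the impact. Suggest correcting the spelling and adding one sentence for each of the two dropped prompts, or keeping them as visible TBD items like Risk Factors and Examples.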
  
  
Line 48: Line 38:
 
* [[Vulnerability 1]]
 
* [[Vulnerability 1]]
 
* [[Vulnerabiltiy 2]]
 
* [[Vulnerabiltiy 2]]
 
Note: the contents of "Related Problems" sections should be placed here
 
  
  
Line 56: Line 44:
 
* [[Control 1]]
 
* [[Control 1]]
 
* [[Control 2]]
 
* [[Control 2]]
 
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
 
  
  
Line 67: Line 53:
  
 
==References==
 
==References==
Note: A reference to related [http://cwe.mitre.org/ CWE] or [http://capec.mitre.org/ CAPEC] article should be added when exists. Eg:
+
TBD
 
+
* [http://cwe.mitre.org/data/definitions/79.html CWE 79].
+
* http://www.link1.com
+
* [http://www.link2.com Title for the link2]
+
  
 
[[Category:FIXME|add links
 
[[Category:FIXME|add links
Line 103: Line 85:
  
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
 
+
[:Category:Authentication]]
 
+
==Description==
+
Allows a legitimate but expensive operation before the entity has proven that the operation should be allowed.
+
 
+
PLOVER Early Amplification.
+
 
+
==Examples ==
+
 
+
==Related Threats==
+
* Attackers try to launch a denial of service attack by performing the unprotected expensive operations repeatly
+
 
+
==Related Attacks==
+
[[Denial of Service | Denial of Service]]
+
 
+
==Related Countermeasures==
+
 
+
[[:Category:Authentication]]
+
 
+
 
[[:Category:Access Control]]
 
[[:Category:Access Control]]
 
==Categories==
 
 
 
[[Category:Access Control Vulnerability]]
 
[[Category:Access Control Vulnerability]]
{{Template:Stub}}
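Review bot: the first added line of this hunk, "[:Category:Authentication]]", is missing its opening bracket, so it is not a link and shows up as literal text at the end of the rendered References section. It should read "[[:Category:Authentication]]", as the line added further down under ==Related Countermeasures== already does. The hunk also appends a second ==Description== with the same sentence and PLOVER line that the Line 15 hunk added, plus a ==Related Threats== bullet and a ==Related Attacks== link that repeat the earlier Denial of Service entries. Suggest dropping the appended copies and keeping only the ==Related Countermeasures== links, placed under the template's existing controls section.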
 

Revision as of 18:31, 23 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


Last revision (mm/dd/yy): 09/23/2008



Description

Allows a legitimate but expensive operation before the entity has proven that the operation should be allowed.

PLOVER Early Amplification.

  • Attackers try to launch a denial of service attack by repeatedly performing the unprotected expensive operations
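
The ordering problem described above, shown as an added example that is not part of the original OWASP page: one handler does the expensive work before checking the caller's proof, the other checks first, and a counter shows how much costly work each performs on the same traffic. The key, the HMAC-based proof, the request format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed secret, demo only
calls = {"expensive": 0}        # how many times the costly step ran


def expensive_operation(payload: bytes) -> bytes:
    """Stand-in for any legitimate but costly work."""
    calls["expensive"] += 1
    return hashlib.pbkdf2_hmac("sha256", payload, b"demo-salt", 2_000)


def tag(payload: bytes) -> str:
    """Proof the caller must present: an HMAC over the request."""
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()


def is_allowed(payload: bytes, proof: str) -> bool:
    return hmac.compare_digest(tag(payload), proof)


def handle_amplified(payload: bytes, proof: str):
    """Early amplification: the costly step runs before the proof is checked."""
    result = expensive_operation(payload)
    return result if is_allowed(payload, proof) else None


def handle_checked_first(payload: bytes, proof: str):
    """Corrected ordering: the cheap proof check gates the costly step."""
    if not is_allowed(payload, proof):
        return None
    return expensive_operation(payload)


def expensive_calls(handler, requests) -> int:
    """Run a batch through a handler and report how much costly work it did."""
    calls["expensive"] = 0
    for payload, proof in requests:
        handler(payload, proof)
    return calls["expensive"]


def sample_requests():
    """Constructed traffic: 1 request with a valid proof, 99 without."""
    good = (b"report-0", tag(b"report-0"))
    bad = [(b"report-%d" % i, "0" * 64) for i in range(1, 100)]
    return [good] + bad
```

Both handlers return the same result for the valid request and None for the rest; they differ only in how many times the expensive step runs for requests that are rejected anyway.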


Risk Factors

TBD

Examples

TBD

Related Attacks


Related Vulnerabilities


Related Controls


Related Technical Impacts


References

TBD

Category:Authentication

Category:Access Control