Prerequisites
HTTP protocol is used
Web server used is vulnerable to denial of service via HTTP flooding
Resources Required
Ability to issue hundreds of HTTP requests
Mitigations
Configuration: Configure web server software to limit the waiting period on opened HTTP sessions
Design: Use load balancing mechanisms
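The configuration mitigation above, shown as an added example using Go's net/http (not part of the CAPEC entry): the same handler is served once with the zero-value server, which has no read or idle timeouts, and once with bounded waiting periods, and a single loopback connection checks whether a request whose header never completes gets dropped. The names newServer and closedWithin and the timeout values are assumptions chosen for the demonstration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"time"
)

// newServer builds the same handler twice: the zero-value http.Server has no
// read or idle timeouts, the hardened one bounds how long a session may wait.
func newServer(hardened bool) *http.Server {
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})}
	if hardened { // constructed values, kept short so the check runs quickly
		srv.ReadHeaderTimeout = 300 * time.Millisecond
		srv.ReadTimeout = time.Second
		srv.IdleTimeout = time.Second
	}
	return srv
}

// closedWithin serves srv on loopback, opens one connection whose request
// header never completes, and reports whether the server hung up within wait.
func closedWithin(srv *http.Server, wait time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	go srv.Serve(ln)
	defer srv.Close()
	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer conn.Close()
	fmt.Fprint(conn, "GET / HTTP/1.1\r\nHost: localhost\r\n") // no final blank line
	conn.SetReadDeadline(time.Now().Add(wait))
	_, err = conn.Read(make([]byte, 1))
	ne, ok := err.(net.Error)
	return err != nil && !(ok && ne.Timeout()), nil
}

func main() {
	for _, hardened := range []bool{false, true} {
		closed, err := closedWithin(newServer(hardened), 1500*time.Millisecond)
		fmt.Println("hardened:", hardened, "closed:", closed, "err:", err)
	}
}
```

In production the timeouts would be sized to the slowest legitimate client rather than to these demo values.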
Related Weaknesses
CWE-ID | Weakness Name |
| Allocation of Resources Without Limits or Throttling. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
| Missing Release of Resource after Effective Lifetime. The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. |
References
REF-406: Robert Hansen. "Slowloris HTTP DoS". http://ha.ckers.org/blog/20090617/slowloris-http-dos/
Submission
Name | Organization | Date | Date release |
CAPEC Content Team | The MITRE Corporation | 2014-06-23 +00:00 | |
Modifications
Name | Organization | Date | Comment |
CAPEC Content Team | The MITRE Corporation | 2020-07-30 +00:00 | Updated Taxonomy_Mappings |
CAPEC Content Team | The MITRE Corporation | 2020-12-17 +00:00 | Updated Mitigations |
CAPEC Content Team | The MITRE Corporation | 2021-06-24 +00:00 | Updated Taxonomy_Mappings |
CAPEC Content Team | The MITRE Corporation | 2022-09-29 +00:00 | Updated Taxonomy_Mappings |