CWE-406
Overview
- CWE ID
- 406
- CWE Name
- Insufficient Control of Network Message Volume (Network Amplification)
- CWE Abstraction
- Class
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.
Extended Description
In the absence of a policy to restrict asymmetric resource consumption, the application or system cannot distinguish between legitimate transmissions and traffic intended to serve as an amplifying attack on target systems. Systems can often be configured
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 405 | 1000 | ChildOf | Primary |