CWE-410 Insufficient Resource Pool: vulnerability list (18)

Summary of the 18 CVE vulnerabilities associated with the CWE-410 Insufficient Resource Pool weakness class, with AI-generated analysis in Chinese.

CWE-410 covers insufficient resource pool weaknesses, where the capacity of a system's resource pool cannot meet peak demand. An attacker typically sends a large volume of requests or opens a very large number of connections to exhaust the available resources, causing a denial of service that prevents other legitimate users from gaining access. Developers can mitigate the risk by implementing rate limiting, caps on the number of connections, and dynamic resource scaling, so that the system keeps basic availability under heavy load and its resources cannot be maliciously exhausted.

MITRE CWE official description
CWE-410 Insufficient Resource Pool: The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources. Frequently the consequence is a "flood" of connection or session requests.
Common consequences (1)
Scope: Availability, Integrity, Other. Impact: DoS: Crash, Exit, or Restart; Other.
Floods often cause a crash or other problem besides denial of the resource itself; these are likely examples of *other* vulnerabilities, not an insufficient resource pool.
Mitigations (5)
Phase: Architecture and Design. Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.
Phase: Architecture and Design. Consider implementing a velocity check mechanism which would detect abusive behavior.
Phase: Operation. Consider load balancing as an option to handle heavy loads.
Phase: Implementation. Make sure that resource handles are properly closed when no longer needed.
Phase: Architecture and Design. Identify the system's resource-intensive operations and consider protecting them from abuse (e.g. a malicious automated script which runs the resources out).
Code example (1)
In the following snippet from a Tomcat configuration file, a JDBC connection pool is defined with a maximum of 5 simultaneous connections (with a 60 second timeout). In this case, it may be trivial for an attacker to instigate a denial of service (DoS) by using up all of the available connections in the pool.
Bad example (XML):
    <Resource name="jdbc/exampledb" auth="Container" type="javax.sql.DataSource"
              removeAbandoned="true" removeAbandonedTimeout="30"
              maxActive="5" maxIdle="5" maxWait="60000"
              username="testuser" password="testpass"
              driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://localhost/exampledb"/>
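The exhaustion scenario above, and three of the listed mitigations (no pool work for unauthenticated requests, a per-client velocity check, handles always released), as an added Python model. This is constructed example code, not from the page or from Tomcat; ConnectionPool, Frontend and flood are assumed names, and the pool size of 5 mirrors maxActive in the snippet.

```python
from collections import defaultdict

class ConnectionPool:
    """Fixed-size pool like the Tomcat resource above: at most max_active handles out at once."""
    def __init__(self, max_active=5):
        self.max_active = max_active
        self.active = 0

    def acquire(self):
        # None models a caller that waits out maxWait (60 s in the config) and still gets nothing.
        if self.active >= self.max_active:
            return None
        self.active += 1
        return object()  # opaque connection handle

    def release(self, handle):
        self.active -= 1

class Frontend:
    """Admission control in front of the pool (constructed example, not Tomcat code):
    per_client_cap is the 'velocity check', unauthenticated requests never reach the pool,
    and finish() always returns the handle so slow transactions cannot leak it."""
    def __init__(self, pool, per_client_cap=None):
        self.pool = pool
        self.per_client_cap = per_client_cap
        self.in_flight = defaultdict(int)  # client -> handles currently held
        self.held = {}  # request id -> (client, handle)

    def begin(self, req_id, client, authenticated):
        if not authenticated:
            return "rejected-unauthenticated"
        if self.per_client_cap is not None and self.in_flight[client] >= self.per_client_cap:
            return "rejected-rate-limited"
        handle = self.pool.acquire()
        if handle is None:
            return "pool-exhausted"  # what a legitimate user sees during the flood
        self.in_flight[client] += 1
        self.held[req_id] = (client, handle)
        return "served"

    def finish(self, req_id):
        client, handle = self.held.pop(req_id)
        self.in_flight[client] -= 1
        self.pool.release(handle)

def flood(per_client_cap=None):
    """Six slow transactions from one client, then one request from another; returns
    (handles the first client obtained, outcome for the second client)."""
    frontend = Frontend(ConnectionPool(max_active=5), per_client_cap)
    first = [frontend.begin(f"n{i}", "noisy", authenticated=True) for i in range(6)]
    return first.count("served"), frontend.begin("a1", "alice", authenticated=True)
```

Without a per-client cap, flood() returns (5, "pool-exhausted"): one client holds the whole pool and the next user is denied; with per_client_cap=2 it returns (2, "served").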
CVE ID | Title | CVSS | Risk level | Published
CVE-2025-2134 | IBM Jazz Reporting Service (JRS) security vulnerability — Jazz Reporting Service | 3.5 | Low | 2026-02-04
CVE-2025-12986 | Silicon Labs Gecko SDK security vulnerability — Gecko SDK | 7.5 | High | 2025-12-04
CVE-2025-41653 | Weidmueller Interface multiple products security vulnerability — IE-SW-VL05M-5TX | 7.5 | High | 2025-05-27
CVE-2025-27479 | Microsoft Windows Kerberos security vulnerability — Windows Server 2012 | 7.5 | High | 2025-04-08
CVE-2025-27694 | Dell Wyse Management Suite security vulnerability — Wyse Management Suite | 5.3 | Medium | 2025-04-02
CVE-2025-0453 | MLflow security vulnerability — mlflow/mlflow | 7.5 | - | 2025-03-20
CVE-2024-7392 | ChargePoint Home Flex security vulnerability — Home Flex | 6.5 | - | 2024-11-22
CVE-2023-7033 | Mitsubishi Electric MELSEC iQ-F series security vulnerability — MELSEC iQ-R series CPU module R00CPU | 5.3 | Medium | 2024-02-27
CVE-2023-38505 | DietPi-Dashboard security vulnerability — DietPi-Dashboard | 7.5 | High | 2023-07-27
CVE-2022-40224 | Moxa SDS-3008 security vulnerability — SDS-3008 Series Industrial Ethernet Switch | 7.5 | - | 2023-02-07
CVE-2022-46679 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.5 | Medium | 2023-02-01
CVE-2022-20937 | Cisco Identity Services Engine resource management error vulnerability — Cisco Identity Services Engine Software | 5.3 | Medium | 2022-11-03
CVE-2022-2048 | Eclipse Jetty security vulnerability — Eclipse Jetty | 7.5 | High | 2022-07-07
CVE-2022-22191 | Juniper Networks Junos OS resource management error vulnerability — Junos OS | 6.5 | Medium | 2022-04-14
CVE-2021-1615 | Cisco Embedded Wireless Controller security vulnerability — Cisco IOS XE Software | 8.6 | High | 2021-09-23
CVE-2019-13921 | Siemens SIMATIC WinAC RTX(F) 2010 resource management error vulnerability — SIMATIC WinAC RTX (F) 2010 | 7.5 | - | 2019-10-10
CVE-2019-0056 | Juniper Networks Junos OS security vulnerability — Junos OS | 7.5 | High | 2019-10-09
CVE-2018-13815 | Siemens SIMATIC S7-1200 and SIMATIC S7-1500 security vulnerability — SIMATIC S7-1200, SIMATIC S7-1500 | 7.5 | - | 2018-12-13

CWE-410 (Insufficient Resource Pool) is a common weakness class; this platform lists 18 CVE vulnerabilities associated with it.