Knowledge Base - Issues

Our knowledge base provides a comprehensive collection of information on cyber security vulnerabilities.

/ Denial of Service

Denial of Service (DoS) is a type of IT vulnerability that affects the availability of systems. DoS can occur when a malicious actor intentionally floods a network or system with a large amount of traffic, requests, or connections. Additionally, certain specially crafted messages may cause high resource consumption on...

/ No Lockout Mechanism

The API concerned does not implement a lockout mechanism. During authentication, any number of logon credentials can be tried without the user account being locked. An attacker can therefore perform a brute force attack without locking user accounts, which could allow the attacker to obtain valid credentials. The most common protection against these...

/ ReDoS

ReDoS (Regular Expression Denial of Service) is a type of vulnerability that occurs when an attacker supplies a malicious input string to a system that uses regular expressions for pattern matching. The regular expression is crafted in such a way that it causes the pattern matching engine to enter into...

The SNMP (Simple Network Management Protocol) 'GETBULK' Reflection DDoS (Distributed Denial of Service) is a specific type of DDoS attack that leverages the SNMP protocol's 'GETBULK' request functionality. In this attack, the attacker spoofs the source IP address of their request to appear as the victim's IP address and sends...

Unreachable resources included is a type of Availability vulnerability that occurs in web and API applications, according to the CWE directory. This vulnerability occurs when an application includes resources such as files, directories or other system components that are inaccessible to the application, either due to incorrect configuration or incorrect...

Unrestricted Resource Consumption is an API vulnerability that occurs when the usage of resources is not sufficiently limited, causing excessive usage of resources. Such resources can include CPU, memory or network bandwidth. Furthermore, third-party API services can be resources, which may have a cost per usage or may have...

/ XML Entity Expansion

XML Entity Expansion (CWE-611) is a form of attack that involves an attacker sending malicious XML input to an XML parser, which then causes the parser to consume an excessive amount of resources (CPU, memory, etc.). This can result in a denial of service (DoS) attack, which can disrupt the...