- What is CWE-404?
- The product does not release or incorrectly releases a resource before it is made available for re-use.
- What CVEs are caused by CWE-404?
- 510 recorded CVEs are attributed to CWE-404, including CVE-2018-8639, CVE-2018-8611, CVE-2018-8405. 5 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Is CWE-404 part of the OWASP Top 10?
- CWE-404 maps to OWASP Top Ten 2004: Denial of Service (A9) in the OWASP security taxonomy.
- How do you prevent CWE-404?
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- How is CWE-404 detected?
- Automated Dynamic Analysis: This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
- What are the consequences of CWE-404?
- Exploiting CWE-404 can lead to: DoS: Resource Consumption (Other), Varies by Context, Read Application Data.
- Is CWE-404 actively exploited?
- Yes. 5 CWE-404 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 510 recorded CVEs.