forked from aquasecurity/vuln-list
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CWE-1094.json
27 lines (27 loc) · 894 Bytes
/
CWE-1094.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{
"ID": 1094,
"Name": "Excessive Index Range Scan for a Data Resource",
"Description": "The product contains an index range scan for a large data table,\n\t\t\t\t\tbut the scan can cover a large number of rows.",
"PotentialMitigations": {
"Mitigation": null
},
"RelatedAttackPatterns": {
"RelatedAttackPattern": null
},
"CommonConsequences": {
"Consequence": [
{
"Scope": [
"Other"
],
"Impact": [
"Reduce Performance"
]
}
]
},
"ExtendedDescription": [
"This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.",
"While the interpretation of \"large data table\" and \"excessive index range\" may vary for each product or developer, CISQ recommends a threshold of 1000000 table rows and a threshold of 10 for the index range."
]
}