The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.
View on MITRESystem resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash.
No mitigation information available for this CWE.
No detection method information available for this CWE.
This function prints the contents of a specified file requested by a user.
This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.
CWE-408: Incorrect Behavior Order: Early Amplification is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.
If exploited, CWE-408 (Incorrect Behavior Order: Early Amplification) it can compromise Availability, leading to outcomes such as DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU) and DoS: Resource Consumption (Memory).
CWE-408 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-408, including CVE-2004-2458. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-408 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.