Home > CAPEC List > CAPEC-119: Deplete Resources (Version 2.9)  

CAPEC CATEGORY: Deplete Resources

Deplete Resources
Definition in a New Window Definition in a New Window
Category ID: 119
Status: Deprecated
+ Description


Attack patterns within this category focus on the depletion of a resource to the point that the target's functionality is affected. Virtually any resource necessary for the target's operation can be targeted in this attack. The result of a successful resource depletion attack is usually the degrading or denial of one or more services offered by the target. Resources required will depend on the nature of the resource being depleted, the amount of resources the target has access to, and other mitigating circumstances such as the target's ability to shift load or acquire additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more skill the adversary will need to successfully execute attacks in this category.
+ Attack Prerequisites
  • The target must rely on a vulnerable resource for its operations and be unable to replace it in a reasonable amount of time if it is unavailable.

  • The attacker must have the ability to consume, destroy, or disrupt a resource required for normal operation of the target.

+ Resources Required

In order to deplete the target's resources the attacker must interact with the target in a programmatic way. Depending on the nature of the resource the attacker may need a client or script capable of making repeated requests over a network, or the ability to craft specific requests, such as an HTTP request containing thousands of slashes. If the attacker has some privileges on the system the required resource will likely be the ability to run a binary or upload a compiled exploit, or write and execute a script or program that consumes resources. Depending on the defenses of the targeted system, the attacker may need access to extensive computational and network resources in order to overwhelm the target.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2017-01-09Updated RelationshipsInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015