Detail

Denial of Service (MySQL)

Severity: Information

Summary #

Invicti identified a MySQL denial of service due to too many connections.

Several triggers cause this, including: possible DoS attack, high usage, not optimized MySQL server, or poorly developed server-side code.

Remediation #
In order to fix this problem, you should first determine what causes this. Some suggestions:
  • Check max_connections settings in the MySQL configuration file, which is located in the MySQL installation folder for Windows systems, and /etc/my.cnf for Unix/Linux-like systems.
  • Do not use persistent connections on your code. This is possible only for PHP systems by disabling it through the setting on php.ini.
    mysql.allow_persistent=Off
  • Ensure you explicitly close the database connections.
  • Ensure you close opened database connections when an error occurs in the code.
  • Lower the MySQL connection timeout.
Classifications #
CWE-400; ISO27001-A.14.1.2; WASC-10; OWASP PC-C9 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo

Invicti Security Corp
220 Industrial Blvd Ste 102
Austin, TX 78745

© Invicti 2022

RESOURCES

USE CASES

WEB SECURITY

COMPANY

© Invicti 2022

SSA Privacy Policy California Privacy Rights Terms of Use Accessibility Sitemap