logo

CWE-1094 - Excessive Index Range Scan for a Data Resource

CWE-1094

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Excessive Index Range Scan for a Data Resource

Description

The product contains an index range scan for a large data table, but the scan can cover a large number of rows.

This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability. While the interpretation of "large data table" and "excessive index range" may vary for each product or developer, CISQ recommends a threshold of 1000000 table rows and a threshold of 10 for the index range.

Common Consequences

Scope: Other

Impact: Reduce Performance

Related Weaknesses
  • Release Date:
  • 2019-01-03
  • Latest Modification Date:
  • 2024-02-29

Free security scan for your website