Description
The product contains a data query against an SQL table or view that is configured in a way that does not utilize an index and may cause sequential searches to be performed.
Potential Impact
Availability
Reduce Performance
Related Weaknesses
Taxonomy Mappings
- OMG ASCPEM: ASCPEM-PRF-5 —
Frequently Asked Questions
What is CWE-1067?
CWE-1067 (Excessive Execution of Sequential Searches of Data Resource) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product contains a data query against an SQL table or view that is configured in a way that does not utilize an index and may cause sequential searches to be performed.
How can CWE-1067 be exploited?
Attackers can exploit CWE-1067 (Excessive Execution of Sequential Searches of Data Resource) to reduce performance. This weakness is typically introduced during the Implementation, Architecture and Design phase of software development.
How do I prevent CWE-1067?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1067?
CWE-1067 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.