1. Home
  2. CWE Database
  3. CWE-1072
Base · Medium

CWE-1072: Data Resource Access without Use of Connection Pooling

The product accesses a data resource through a database without using a connection pooling capability.

CWE-1072 · Base Level

Description

The product accesses a data resource through a database without using a connection pooling capability.

Potential Impact

Other

Reduce Performance

CWE-405: Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce exces...

Taxonomy Mappings

  • OMG ASCPEM: ASCPEM-PRF-13 —

Frequently Asked Questions

What is CWE-1072?

CWE-1072 (Data Resource Access without Use of Connection Pooling) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product accesses a data resource through a database without using a connection pooling capability.

How can CWE-1072 be exploited?

Attackers can exploit CWE-1072 (Data Resource Access without Use of Connection Pooling) to reduce performance. This weakness is typically introduced during the Implementation, Architecture and Design phase of software development.

How do I prevent CWE-1072?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-1072?

CWE-1072 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.