Summary

Acunetix 360 identified a MySQL denial of service due to too many connections.

This can have several causes, including a possible DoS attack, high usage, a MySQL server that is not optimized, or poorly developed server-side code.

Remediation

To fix this problem, first determine what is causing it. Some suggestions:
  • Check the max_connections setting in the MySQL configuration file, which is located in the MySQL installation folder on Windows systems and at /etc/my.cnf on Unix/Linux-like systems.
  • Do not use persistent connections in your code. Disabling them through configuration is possible only on PHP systems, using this setting in php.ini:
    mysql.allow_persistent=Off
    
  • Ensure you explicitly close the database connections.
  • Ensure you close opened database connections when an error occurs in the code.
  • Lower the MySQL connection timeout.
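
To help determine the cause, the following added example (not part of the original advisory or of Acunetix 360) groups the tab-separated output of mysql -B -e "SHOW FULL PROCESSLIST" by client and flags connections that have been idle for a long time, which usually points to persistent or unclosed connections. The sample rows, the summarize function name, the 300-second idle threshold and the max_connections value of 8 are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `mysql -B -e "SHOW FULL PROCESSLIST"` output (tab-separated).
SAMPLE = (
    "Id\tUser\tHost\tdb\tCommand\tTime\tState\tInfo\n"
    "11\tshop\t10.0.0.5:50112\tshop\tSleep\t912\t\tNULL\n"
    "12\tshop\t10.0.0.5:50113\tshop\tSleep\t845\t\tNULL\n"
    "13\tshop\t10.0.0.5:50120\tshop\tSleep\t3\t\tNULL\n"
    "14\tshop\t10.0.0.5:50121\tshop\tQuery\t0\texecuting\tSELECT 1\n"
    "15\treport\t10.0.0.9:41000\tshop\tQuery\t42\tSending data\tSELECT * FROM orders\n"
    "16\troot\tlocalhost\tNULL\tQuery\t0\tinit\tSHOW FULL PROCESSLIST\n"
)


def summarize(processlist_tsv, max_connections, idle_threshold=300):
    """Group connections by client and flag likely leaked or persistent ones."""
    clients = defaultdict(lambda: {"total": 0, "idle": 0, "longest_idle": 0})
    rows = csv.DictReader(
        io.StringIO(processlist_tsv), delimiter="\t", quoting=csv.QUOTE_NONE
    )
    used = 0
    for row in rows:
        used += 1
        # Host is "address:port"; drop the port so one client groups together.
        host = row["Host"].rsplit(":", 1)[0]
        entry = clients[(row["User"], host)]
        entry["total"] += 1
        seconds = int(row["Time"]) if row["Time"].isdigit() else 0
        # Sleep means the connection is open but idle; a long sleep suggests
        # the application never closed it.
        if row["Command"] == "Sleep" and seconds >= idle_threshold:
            entry["idle"] += 1
            entry["longest_idle"] = max(entry["longest_idle"], seconds)
    suspects = sorted(
        ((client, stats) for client, stats in clients.items() if stats["idle"]),
        key=lambda item: item[1]["idle"],
        reverse=True,
    )
    return {"used": used, "usage": used / max_connections, "suspects": suspects}


if __name__ == "__main__":
    report = summarize(SAMPLE, max_connections=8)
    print(f"{report['used']} connections, {report['usage']:.0%} of max_connections")
    for (user, host), stats in report["suspects"]:
        print(f"{user}@{host}: {stats['idle']} idle, longest {stats['longest_idle']}s")
```

A client that dominates the suspects list is the place to look for missing close calls or persistent connections before raising max_connections.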

Severity

Information

Classification

CWE-400 ISO27001-A.14.1.2 WASC-10 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H