General Information

XML Schema Poisoning

Variants:
Direct 

Also Known As:
WSDL Metadata Spoofing

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application, Web Service

Affected Mechanisms:
Web Server Configuration, Hardening

Invented In:
01/01/2009

Added In:
30/12/2014


Vector Operation Method:
An attacker modifying or corrupting the content of XML schema information sent from the client and server may cause unexpected behaviors in the application, such as exceptions, or sending mass amounts of nested data to trigger XDoS denial of service effects.


Direct Variant:

XML Schema Poisoning

Also Known As:
WSDL Metadata Spoofing

Typical Severity:
Medium

Learn More: