
Missing XML Validation

From OWASP
Revision as of 02:13, 31 May 2009 by Deleted user (talk | contribs)


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by MicroFocus.

Last revision (mm/dd/yy): 05/31/2009


Description

Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.

Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a document's content; a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.


Risk Factors

  • Talk about the factors that make this vulnerability likely or unlikely to actually happen
  • Discuss the technical impact of a successful exploit of this vulnerability
  • Consider the likely [business impacts] of a successful attack


Examples

Short example name

A short example description, small picture, or sample code with links


Related Attacks


Related Vulnerabilities

Related Controls


Related Technical Impacts


References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg: