This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Missing XML Validation"
(Reverting to last version not containing links to www.textdarvarliace.com) |
Deleted user (talk | contribs) |
||
| Line 1: | Line 1: | ||
| + | [http://s1.shard.jp/galeach/new77.html optic nerve hypoplasia. | ||
| + | ] [http://s1.shard.jp/galeach/new134.html hwic asia fund | ||
| + | ] [http://s1.shard.jp/bireba/nortan-antivirus.html zone alarm with antivirus download | ||
| + | ] [http://s1.shard.jp/olharder/kragen-auto.html auto bmw discount part | ||
| + | ] [http://s1.shard.jp/bireba/pc-world-antivirus.html symantec antivirus corporate edition 10.1 0.394 | ||
| + | ] [http://s1.shard.jp/olharder/auto-bill-fitts.html auto edmonton in trader.ca | ||
| + | ] [http://s1.shard.jp/olharder/autopsy-picture.html automatic archival oracle | ||
| + | ] [http://s1.shard.jp/galeach/new72.html asian massage ohio parlor | ||
| + | ] [http://s1.shard.jp/olharder/autoroll-654.html links] [http://s1.shard.jp/bireba/symantec-antivirus.html crack of norton antivirus 2005 version | ||
| + | ] [http://s1.shard.jp/losaul/planes-for-sale.html absolute recruitment australia | ||
| + | ] [http://s1.shard.jp/galeach/new191.html acoustic aphasia | ||
| + | ] [http://s1.shard.jp/frhorton/u4h18i4kg.html african lion hunting videos | ||
| + | ] [http://s1.shard.jp/losaul/australian-cricket.html australian visa requirements | ||
| + | ] [http://s1.shard.jp/galeach/new150.html anastasiaweb com | ||
| + | ] [http://s1.shard.jp/losaul/the-lakes-golf.html phone england from australia | ||
| + | ] [http://s1.shard.jp/galeach/new159.html asiago cheese fresco | ||
| + | ] [http://s1.shard.jp/bireba/nortons-antivirus.html openantivirus | ||
| + | ] [http://s1.shard.jp/olharder/amortization-of.html automotive dge tuner | ||
| + | ] [http://s1.shard.jp/frhorton/iyc9ldho5.html african american art baby clip free | ||
| + | ] [http://s1.shard.jp/galeach/new49.html quotes on euthanasia | ||
| + | ] [http://s1.shard.jp/losaul/newcastle-australia.html australian retailers association nsw | ||
| + | ] [http://s1.shard.jp/olharder/buy-and-sell-autos.html princess auto parts | ||
| + | ] [http://s1.shard.jp/bireba/antivirus-personal.html antivirus free download software | ||
| + | ] [http://s1.shard.jp/galeach/new156.html asian teen in thong] [http://s1.shard.jp/frhorton/c1k98s3rt.html south african google | ||
| + | ] [http://s1.shard.jp/frhorton/lt8tyfnvp.html african american romantic poetry | ||
| + | ] [http://s1.shard.jp/losaul/planting-guide.html larry williams australia | ||
| + | ] [http://s1.shard.jp/olharder/anderson-autopsy.html automobile lemon check | ||
| + | ] [http://s1.shard.jp/olharder/autoroll-654.html map] [http://s1.shard.jp/losaul/australia-posters.html team dream australia | ||
| + | ] [http://s1.shard.jp/olharder/autoroll-654.html index] [http://s1.shard.jp/bireba/symantec-antivirus.html avg antivirus download free | ||
| + | ] [http://s1.shard.jp/frhorton/77murrpay.html gate automation south africa | ||
| + | ] [http://s1.shard.jp/olharder/autokillercom.html autopia disney | ||
| + | ] [http://s1.shard.jp/bireba/crack-panda.html winantivirus pro 2005 download | ||
| + | ] [http://s1.shard.jp/bireba/mcafee-free-antivirus.html windows 2000 server antivirus free | ||
| + | ] [http://s1.shard.jp/galeach/new146.html asia dvds] [http://s1.shard.jp/galeach/new142.html south east asia earthquakes] [http://s1.shard.jp/galeach/new104.html asian lady beatle | ||
| + | ] [http://s1.shard.jp/frhorton/8fsjs64q2.html ngo jobs in africa | ||
| + | ] [http://s1.shard.jp/frhorton/9df15nbui.html map of german east africa | ||
| + | ] [http://s1.shard.jp/losaul/seasonal-weather.html campsites australia | ||
| + | ] [http://s1.shard.jp/losaul/import-vehicles.html merck sharpe dohme australia | ||
| + | ] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/olharder/download-autoroute.html reli-on automatic blood pressure monitor | ||
| + | ] [http://s1.shard.jp/bireba/avg-antivirus-software.html etrust antivirus 7.1 retail | ||
| + | ] [http://s1.shard.jp/bireba/antivirus-free-download.html rating antivirus software | ||
| + | ] | ||
{{Template:Vulnerability}} | {{Template:Vulnerability}} | ||
{{Template:Fortify}} | {{Template:Fortify}} | ||
Revision as of 16:30, 29 May 2009
[http://s1.shard.jp/galeach/new77.html optic nerve hypoplasia. ] [http://s1.shard.jp/galeach/new134.html hwic asia fund ] [http://s1.shard.jp/bireba/nortan-antivirus.html zone alarm with antivirus download ] [http://s1.shard.jp/olharder/kragen-auto.html auto bmw discount part ] [http://s1.shard.jp/bireba/pc-world-antivirus.html symantec antivirus corporate edition 10.1 0.394 ] [http://s1.shard.jp/olharder/auto-bill-fitts.html auto edmonton in trader.ca ] [http://s1.shard.jp/olharder/autopsy-picture.html automatic archival oracle ] [http://s1.shard.jp/galeach/new72.html asian massage ohio parlor ] links [http://s1.shard.jp/bireba/symantec-antivirus.html crack of norton antivirus 2005 version ] [http://s1.shard.jp/losaul/planes-for-sale.html absolute recruitment australia ] [http://s1.shard.jp/galeach/new191.html acoustic aphasia ] [http://s1.shard.jp/frhorton/u4h18i4kg.html african lion hunting videos ] [http://s1.shard.jp/losaul/australian-cricket.html australian visa requirements ] [http://s1.shard.jp/galeach/new150.html anastasiaweb com ] [http://s1.shard.jp/losaul/the-lakes-golf.html phone england from australia ] [http://s1.shard.jp/galeach/new159.html asiago cheese fresco ] [http://s1.shard.jp/bireba/nortons-antivirus.html openantivirus ] [http://s1.shard.jp/olharder/amortization-of.html automotive dge tuner ] [http://s1.shard.jp/frhorton/iyc9ldho5.html african american art baby clip free ] [http://s1.shard.jp/galeach/new49.html quotes on euthanasia ] [http://s1.shard.jp/losaul/newcastle-australia.html australian retailers association nsw ] [http://s1.shard.jp/olharder/buy-and-sell-autos.html princess auto parts ] [http://s1.shard.jp/bireba/antivirus-personal.html antivirus free download software ] asian teen in thong [http://s1.shard.jp/frhorton/c1k98s3rt.html south african google ] [http://s1.shard.jp/frhorton/lt8tyfnvp.html african american romantic poetry ] [http://s1.shard.jp/losaul/planting-guide.html larry williams australia ] [http://s1.shard.jp/olharder/anderson-autopsy.html automobile lemon check ] map [http://s1.shard.jp/losaul/australia-posters.html team dream australia ] index [http://s1.shard.jp/bireba/symantec-antivirus.html avg antivirus download free ] [http://s1.shard.jp/frhorton/77murrpay.html gate automation south africa ] [http://s1.shard.jp/olharder/autokillercom.html autopia disney ] [http://s1.shard.jp/bireba/crack-panda.html winantivirus pro 2005 download ] [http://s1.shard.jp/bireba/mcafee-free-antivirus.html windows 2000 server antivirus free ] asia dvds south east asia earthquakes [http://s1.shard.jp/galeach/new104.html asian lady beatle ] [http://s1.shard.jp/frhorton/8fsjs64q2.html ngo jobs in africa ] [http://s1.shard.jp/frhorton/9df15nbui.html map of german east africa ] [http://s1.shard.jp/losaul/seasonal-weather.html campsites australia ] [http://s1.shard.jp/losaul/import-vehicles.html merck sharpe dohme australia ] domain http [http://s1.shard.jp/olharder/download-autoroute.html reli-on automatic blood pressure monitor ] [http://s1.shard.jp/bireba/avg-antivirus-software.html etrust antivirus 7.1 retail ] [http://s1.shard.jp/bireba/antivirus-free-download.html rating antivirus software ] This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
- This article includes content generously donated to OWASP by
Last revision (mm/dd/yy): 05/29/2009
Vulnerabilities Table of Contents
Description
Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.
Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a document's content; a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.
Risk Factors
- Talk about the factors that make this vulnerability likely or unlikely to actually happen
- Discuss the technical impact of a successful exploit of this vulnerability
- Consider the likely [business impacts] of a successful attack
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Attacks
Related Vulnerabilities
Related Controls
Related Technical Impacts
References
Note: A reference to related CWE or CAPEC article should be added when exists. Eg:
