Difference between revisions of "Missing XML Validation"

(Reverting to last version not containing links to
Revision as of 18:00, 29 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by MicroFocus.

Last revision (mm/dd/yy): 05/29/2009


Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.

Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a document's content; a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.

Risk Factors

  • Talk about the factors that make this vulnerability likely or unlikely to actually happen
  • Discuss the technical impact of a successful exploit of this vulnerability
  • Consider the likely business impacts of a successful attack


Short example name

A short example description, small picture, or sample code with links

Related Attacks

Related Vulnerabilities

Related Controls

Related Technical Impacts


Note: A reference to a related CWE or CAPEC article should be added when one exists. E.g.: