
Difference between revisions of "Missing XML Validation"

(Reverting to last version not containing links to

Revision as of 12:50, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by MicroFocus.

Last revision (mm/dd/yy): 06/3/2009



Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.

Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a document's content; a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.
