
Missing XML Validation

From OWASP
Revision as of 16:30, 29 May 2009 by Deleted user (talk | contribs)


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by MicroFocus.

Last revision (mm/dd/yy): 05/29/2009


Description

Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.

Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a document's content; a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.
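The following is an added example, not code from the original article: it parses the same documents with and without schema validation using the JAXP classes in the Java standard library. A well-formed document that breaks the structural contract passes the non-validating parse and is rejected once the schema is enforced. The class name, the schema and the sample documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.ErrorHandler;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class ValidatedParse {
    // Constructed schema: <order> holds exactly one <item> and one <quantity> in 1..100.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='order'><xs:complexType><xs:sequence>"
      + "<xs:element name='item' type='xs:NMTOKEN'/>"
      + "<xs:element name='quantity'><xs:simpleType><xs:restriction base='xs:int'>"
      + "<xs:minInclusive value='1'/><xs:maxInclusive value='100'/>"
      + "</xs:restriction></xs:simpleType></xs:element>"
      + "</xs:sequence></xs:complexType></xs:element></xs:schema>";

    static boolean accepts(String xml, boolean validate) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for XML Schema validation
        // The schema comes from the application, so documents may not carry a DOCTYPE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        if (validate) {
            f.setSchema(SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI)
                    .newSchema(new StreamSource(new StringReader(XSD))));
        }
        DocumentBuilder b = f.newDocumentBuilder();
        // Validation errors are recoverable by default; throw so they stop the parse.
        b.setErrorHandler(new ErrorHandler() {
            public void warning(SAXParseException e) { }
            public void error(SAXParseException e) throws SAXParseException { throw e; }
            public void fatalError(SAXParseException e) throws SAXParseException { throw e; }
        });
        try { b.parse(new InputSource(new StringReader(xml))); return true; }
        catch (SAXParseException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: both are well-formed, only the first matches the schema.
        String good = "<order><item>widget</item><quantity>2</quantity></order>";
        String bad = "<order><item>widget</item><quantity>-5</quantity><price>0</price></order>";
        System.out.println("good, validated:  " + accepts(good, true));
        System.out.println("bad, unvalidated: " + accepts(bad, false));
        System.out.println("bad, validated:   " + accepts(bad, true));
    }
}
```

Setting a schema alone is not enough: without an `ErrorHandler` that throws, the parser reports validity errors and still returns a document to the calling code.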


Risk Factors

  • Talk about the factors that make this vulnerability likely or unlikely to actually happen
  • Discuss the technical impact of a successful exploit of this vulnerability
  • Consider the likely [business impacts] of a successful attack


Examples

Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links


Related Attacks


Related Vulnerabilities

Related Controls


Related Technical Impacts


References

Note: A reference to the related CWE or CAPEC article should be added when one exists. E.g.: