
Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Routing Detour"

(initial page setup)
 
m
 
(One intermediate revision by one other user not shown)
Line 8: Line 8:
 
=== Browser / Standards Solution ===
 
=== Browser / Standards Solution ===
  
 +
None
  
 
=== Perimeter Solution ===
 
=== Perimeter Solution ===
  
Use SSL/TLS for connections between all trusted locations, and verify each host.
+
None
  
 
=== Generic Framework Solution ===
 
=== Generic Framework Solution ===
  
 +
Provide configuration-based whitelist for WS Routing destinations.
  
 
=== Custom Framework Solution ===
 
=== Custom Framework Solution ===
  
 +
None
  
 
=== Custom Code Solution ===
 
=== Custom Code Solution ===
  
 +
None
  
 
=== Discussion / Controversy ===
 
=== Discussion / Controversy ===
  
This is actually a type of attack and not a vulnerability
+
None
  
 
=== References ===
 
=== References ===

Latest revision as of 22:08, 20 July 2013


Routing Detour

Root Cause Summary

This is a man-in-the-middle type of attack, in which (XML) content processors can be injected to route sensitive information to an attacker-controlled outside location. The attacker can modify the contents of the package and send it back to the original processor, which remains unaware of the modifications.

Browser / Standards Solution

None

Perimeter Solution

None

Generic Framework Solution

Provide configuration-based whitelist for WS Routing destinations.
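
One way a framework could enforce such a whitelist, as an added example that is not part of the original page or any OWASP code: it reads the WS-Routing `path` header of a SOAP 1.1 message and rejects any `to` or `via` destination whose scheme and host are not configured. The host names, the `ALLOWED` set and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
RP = "http://schemas.xmlsoap.org/rp/"  # WS-Routing header namespace

# Constructed configuration: (scheme, host) pairs a route may name.
ALLOWED = {("soap", "orders.internal.example"),
           ("soap", "billing.internal.example")}

def route_destinations(envelope_xml):
    """Collect every URI in the WS-Routing path: <to> plus fwd/rev <via> hops."""
    path = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header/{{{RP}}}path")
    if path is None:
        return []
    nodes = path.findall(f"{{{RP}}}to")
    for section in ("fwd", "rev"):
        nodes += path.findall(f"{{{RP}}}{section}/{{{RP}}}via")
    return [(n.text or "").strip() for n in nodes]

def rejected_destinations(envelope_xml, allowed=ALLOWED):
    """Return the destinations that are not allowlisted; empty list means accept."""
    bad = []
    for uri in route_destinations(envelope_xml):
        if not uri:  # empty <via/> carries no URI to check
            continue
        parts = urlsplit(uri)
        # Compare the parsed host, not a prefix: "host@other" userinfo tricks fail here.
        if (parts.scheme.lower(), (parts.hostname or "").lower()) not in allowed:
            bad.append(uri)
    return bad

def sample_envelope(vias):
    """Build a constructed SOAP message whose forward path lists the given hops."""
    hops = "".join(f"<r:via>{v}</r:via>" for v in vias)
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:r="{RP}"><s:Header><r:path>'
            f"<r:to>soap://billing.internal.example/invoice</r:to>"
            f"<r:fwd>{hops}</r:fwd><r:rev><r:via/></r:rev>"
            f"</r:path></s:Header><s:Body/></s:Envelope>")

if __name__ == "__main__":
    print(rejected_destinations(sample_envelope(["soap://orders.internal.example/in"])))
    print(rejected_destinations(sample_envelope(
        ["soap://orders.internal.example/in", "soap://detour.example.net/relay"])))
```

A message is forwarded only when `rejected_destinations` returns an empty list; anything else is dropped and logged with the offending URIs.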

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

None

References

XML Routing Detour Attacks (MITRE)
Routing Detour (WASC)