Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Routing Detour"
James Landis (talk | contribs) m |
Line 8: | Line 8: | ||
=== Browser / Standards Solution === | === Browser / Standards Solution === | ||
+ | None | ||
=== Perimeter Solution === | === Perimeter Solution === | ||
− | + | None | |
− | |||
=== Generic Framework Solution === | === Generic Framework Solution === | ||
+ | Provide configuration-based whitelist for WS Routing destinations. | ||
=== Custom Framework Solution === | === Custom Framework Solution === | ||
+ | None | ||
=== Custom Code Solution === | === Custom Code Solution === | ||
+ | None | ||
=== Discussion / Controversy === | === Discussion / Controversy === | ||
− | + | None | |
=== References === | === References === |
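Review bot: the Generic Framework Solution line added in this revision ("Provide configuration-based whitelist for WS Routing destinations.") does not say which component enforces the list or what happens to a message whose route names a destination that is not on it. Suggest stating both, for example that the framework checks every destination in the route against the configured list before forwarding and rejects the message on a mismatch.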
Latest revision as of 22:08, 20 July 2013
Routing Detour
Root Cause Summary
This is a man-in-the-middle type of attack in which (XML) content processors can be injected to route sensitive information to an attacker-controlled outside location. The attacker can modify the contents of the package and send it back to the original processor, which is unaware of the modifications.
Browser / Standards Solution
None
Perimeter Solution
None
Generic Framework Solution
Provide a configuration-based whitelist for WS-Routing destinations.
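An added example (not part of the OWASP page or any framework's own code) of the configuration-based whitelist described above: it reads the WS-Routing `path` header of a SOAP message and reports every destination that is not configured. The host names, the `ALLOWED` set, the sample message and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RP = "{http://schemas.xmlsoap.org/rp/}"                  # WS-Routing namespace
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"     # SOAP 1.1 namespace
# Hypothetical configuration: the only origins a message may be routed through.
ALLOWED = {"soap://gateway.example.internal", "soap://orders.example.internal"}

# Constructed sample: the second <via> is a hop that is not in the configuration.
SAMPLE = b"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
 <S:Header><m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
   <m:to>soap://orders.example.internal/submit</m:to>
   <m:fwd>
     <m:via>soap://gateway.example.internal/</m:via>
     <m:via>soap://collector.example.net/relay</m:via>
   </m:fwd>
 </m:path></S:Header>
 <S:Body/>
</S:Envelope>"""

def origin(uri):
    """Normalise a routing URI to scheme://host[:port]; None if unusable."""
    try:
        parts = urlsplit(uri)
        port = parts.port
    except ValueError:
        return None
    # Reject userinfo so "soap://allowed-host@other-host/" cannot pass as allowed.
    if not parts.scheme or not parts.hostname or parts.username or parts.password:
        return None
    host = parts.hostname.lower().rstrip(".")
    return f"{parts.scheme.lower()}://{host}" + (f":{port}" if port else "")

def check_route(envelope, allowed=ALLOWED):
    """Return the list of hop URIs outside the allowlist (empty list = accept)."""
    if b"<!DOCTYPE" in envelope:      # SOAP messages must not carry a DTD
        raise ValueError("DTD not permitted")
    path = ET.fromstring(envelope).find(f"{SOAP}Header/{RP}path")
    if path is None:
        return []                     # no WS-Routing header, nothing to check
    hops = path.findall(f"{RP}to") + path.findall(f"{RP}fwd/{RP}via") \
         + path.findall(f"{RP}rev/{RP}via")
    uris = [(el.text or "").strip() for el in hops]
    # Empty or unparsable hops normalise to None and are rejected (fail closed).
    return [u for u in uris if origin(u) not in allowed]

if __name__ == "__main__":
    print(check_route(SAMPLE))
```

Matching on the normalised scheme, host and port rather than on a string prefix keeps case changes, trailing dots and userinfo tricks from slipping a destination past the list.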
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
None