This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Periodic Table of Vulnerabilities - Routing Detour

From OWASP
Revision as of 22:08, 20 July 2013 by James Landis (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Return to Periodic Table Working View

Routing Detour

Root Cause Summary

This is a man in the middle type of attack, where (XML) content processors can be injected to route sensitive information to an attacker-controlled outside location. The attacker can modify the contents of the package and send it back to the original processor, unaware of the modifications.

Browser / Standards Solution

None

Perimeter Solution

None

Generic Framework Solution

Provide configuration-based whitelist for WS Routing destinations.

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

None

References

XML Routing Detour Attacks (MITRE)
Routing Detour (WASC)

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Periodic_Table_of_Vulnerabilities_-_Routing_Detour&oldid=155735"