OWASP Periodic Table of Vulnerabilities - Routing Detour

Return to Periodic Table Working View

Root Cause Summary
This is a man in the middle type of attack, where (XML) content processors can be injected to route sensitive information to an attacker-controlled outside location. The attacker can modify the contents of the package and send it back to the original processor, unaware of the modifications.

Perimeter Solution
Use SSL/TLS for connections between all trusted locations, and verify each host.

Discussion / Controversy
This is actually a type of attack and not a vulnerability