Difference between revisions of "Missing XML Validation"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
 

Latest revision as of 07:50, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This article includes content generously donated to OWASP by Fortify.

Last revision (mm/dd/yy): 06/3/2009

Vulnerabilities Table of Contents

Description

Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.

Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a document's content; a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.


Risk Factors

  • Talk about the factors that make this vulnerability likely or unlikely to actually happen
  • Discuss the technical impact of a successful exploit of this vulnerability
  • Consider the likely [business impacts] of a successful attack


Examples

Short example name

A short example description, small picture, or sample code with links



Related Attacks


Related Vulnerabilities

Related Controls


Related Technical Impacts


References

Note: A reference to the related CWE or CAPEC article should be added when one exists. E.g.: