Difference between revisions of "Missing XML Validation"

(Reverting to last version not containing links to s1.shard.jp)

Revision as of 07:50, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by Fortify.

Last revision (mm/dd/yy): 06/3/2009


Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.

Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a document's content; a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.

Risk Factors

  • Talk about the factors that make this vulnerability likely or unlikely to actually happen
  • Discuss the technical impact of a successful exploit of this vulnerability
  • Consider the likely business impacts of a successful attack


Short example name

A short example description, small picture, or sample code with links

Related Attacks

Related Vulnerabilities

Related Controls

Related Technical Impacts


Note: A reference to a related CWE or CAPEC article should be added when one exists. E.g.: