Missing XML Validation
Description The software accepts XML from an untrusted source but does not validate the XML against the proper schema. Extended DescriptionMost successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. Applicable PlatformsLanguage Class: All Time Of Introduction
Related Attack Patterns Common Consequences
Detection MethodsNone Potential Mitigations
Relationships
Demonstrative Examples (Details)
White Box Definitions None Black Box Definitions None Taxynomy Mappings
References:None |