CAPEC-528 - XML Flood

An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished by sending a large number of XML based requests and letting the service attempt to parse each one.

Severity

Likelihood

Confidentiality

Integrity

Availability

This type of an attack requires the ability to generate a large amount of XML based messages to send to a target service.