CAPEC-82 - Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))

XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets.

There are three primary attack vectors that XDoS can navigate

All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Severity

Likelihood

Confidentiality

Integrity

Availability

  • Attack Methods 1
  • Injection
  • Purposes 1
  • Exploitation
  • Scopes 1
  • DoS: resource consumption (memory)
  • Availability

Low level: Crafting malicious XML content and injecting it through standard interfaces

Attacker must be able to send a malicious XML payload to host, such as SOAP or REST web service.

Design: Utilize a Security Pipeline Interface (SPI) to mediate communications between service requester and service provider The SPI should be designed to throttle up and down and handle a variety of payloads.

Design: Utilize clustered and fail over techniques, leverage network transports to provide availability such as HTTP load balancers

Implementation: Check size of XML message before parsing