CAPEC-146: XML Schema Poisoning (CAPEC Version 2.11)

Attack Pattern ID: 146
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An attacker corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema, either by replacing or modifying it, to compromise the programs that process documents that use this schema. Possible attacks include denial of service attacks in which the schema is modified so that it no longer contains information required for subsequent processing. For example, the unaltered schema may require a @name attribute in all submitted documents. If the attacker removes this attribute from the schema, then documents created using the new grammar may lack this field, which may cause the processing application to enter an unexpected state or record incomplete data. In addition, manipulation of the data types described in the schema may affect the results of calculations performed by the document reader. For example, a float field could be changed to an int field. Finally, the attacker may change the encoding defined in the schema for certain fields, allowing the contents to bypass filters that scan for dangerous strings. For example, the modified schema might use a URL encoding instead of ASCII, and a filter that catches a semicolon (;) might fail to detect its URL encoding (%3B).

+ Attack Prerequisites
  • The schema used by the target application must be improperly secured against unauthorized modification and manipulation.

+ Typical Severity

High

+ Resources Required

Access to the schema and the knowledge and ability to modify it. Ability to replace or redirect access to the modified schema.

+ Solutions and Mitigations

Design: Protect the schema against unauthorized modification.

Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the XML document.
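The following is an added example, not part of the CAPEC entry, showing both mitigations together with the @name and float-to-int manipulations described in the Summary: the application resolves schemas from a local, pinned catalog and ignores the xsi:schemaLocation hint carried in the document, checks the stored schema copy against a pinned SHA-256 digest before using it, and enforces the pinned schema's required attributes on the incoming document. It uses only the Python standard library; the namespace urn:example:orders, the schemas, the documents and the URL are constructed for this example, and the attribute check is a deliberately narrow stand-in for full XSD validation.

```python
"""Added example: pin XML schemas to a known-good local copy instead of
trusting the xsi:schemaLocation hint in the document, and verify the stored
copy's integrity before use. Standard library only; all schemas, documents
and URLs below are constructed for the example."""
import hashlib
import xml.etree.ElementTree as ET

XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
XS_NS = "http://www.w3.org/2001/XMLSchema"
ORDERS_NS = "urn:example:orders"  # constructed namespace

# Constructed known-good schema: every <order> needs @name and a float @amount.
KNOWN_GOOD_SCHEMA = b"""<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:example:orders">
  <xs:element name="order">
    <xs:complexType>
      <xs:attribute name="name" type="xs:string" use="required"/>
      <xs:attribute name="amount" type="xs:float" use="required"/>
    </xs:complexType>
  </xs:element>
</xs:schema>
"""

# Constructed poisoned variant: @name dropped and @amount narrowed to xs:int,
# the two manipulations the CAPEC summary describes.
POISONED_SCHEMA = b"""<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:example:orders">
  <xs:element name="order">
    <xs:complexType>
      <xs:attribute name="amount" type="xs:int" use="required"/>
    </xs:complexType>
  </xs:element>
</xs:schema>
"""

# Local catalog: namespace -> known-good schema bytes. In a real deployment the
# digest is computed once at release time and shipped with the application,
# not derived from the copy being checked.
SCHEMA_CATALOG = {ORDERS_NS: KNOWN_GOOD_SCHEMA}
PINNED_SHA256 = {ORDERS_NS: hashlib.sha256(KNOWN_GOOD_SCHEMA).hexdigest()}


def schema_location_hints(doc_bytes):
    """Return {namespace: location} pairs from the root's xsi:schemaLocation.
    These hints are attacker-influenced and are never dereferenced here."""
    root = ET.fromstring(doc_bytes)
    parts = root.get("{%s}schemaLocation" % XSI_NS, "").split()
    return dict(zip(parts[0::2], parts[1::2]))


def resolve_schema(namespace):
    """Mitigation: resolve schemas from the local catalog only; an unknown
    namespace is rejected rather than fetched from the network."""
    if namespace not in SCHEMA_CATALOG:
        raise ValueError("no pinned schema for namespace %r" % namespace)
    return SCHEMA_CATALOG[namespace]


def schema_is_intact(namespace, schema_bytes):
    """Detect tampering with the stored schema copy via its pinned digest."""
    return hashlib.sha256(schema_bytes).hexdigest() == PINNED_SHA256[namespace]


def required_attributes(schema_bytes):
    """Return {attribute name: xs type} for every xs:attribute marked
    use="required"; enough to make the effect of poisoning visible."""
    required = {}
    for attr in ET.fromstring(schema_bytes).iter("{%s}attribute" % XS_NS):
        if attr.get("use") == "required":
            required[attr.get("name")] = attr.get("type")
    return required


def check_document(doc_bytes):
    """Check the root element against the pinned schema's required attributes.
    Returns a list of findings; an empty list means the document is acceptable."""
    root = ET.fromstring(doc_bytes)
    namespace = root.tag[1:].split("}", 1)[0] if root.tag.startswith("{") else ""
    findings = []
    hint = schema_location_hints(doc_bytes).get(namespace, "")
    if hint.startswith(("http://", "https://")):
        findings.append("ignored remote schemaLocation hint: %s" % hint)
    schema_bytes = resolve_schema(namespace)
    if not schema_is_intact(namespace, schema_bytes):
        findings.append("pinned schema for %s failed integrity check" % namespace)
        return findings  # never validate against a schema that may be poisoned
    for attr, xs_type in required_attributes(schema_bytes).items():
        if root.get(attr) is None:
            findings.append("missing required @%s (%s)" % (attr, xs_type))
    return findings


if __name__ == "__main__":
    doc = (b'<order xmlns="urn:example:orders" '
           b'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
           b'xsi:schemaLocation="urn:example:orders '
           b'http://untrusted.example/orders.xsd" amount="9.5"/>')
    for finding in check_document(doc):
        print(finding)
```

Because the catalog lookup is keyed by namespace and the supplied location is only reported, a document that points at a rewritten schema elsewhere is still judged against the pinned copy; and because the digest check runs before any validation, a tampered local copy (such as POISONED_SCHEMA, where @name is gone and @amount is an int) is refused rather than silently accepted as the new grammar.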

+ Content History
Submissions
Submitter | Organization | Date | Source
CAPEC Content Team | The MITRE Corporation | 2014-06-23 | Internal_CAPEC_Team
Modifications
Modifier | Organization | Date | Comments | Source
CAPEC Content Team | The MITRE Corporation | 2017-01-09 | Updated Description Summary | Internal

Page Last Updated or Reviewed: July 31, 2017