Home > CAPEC List > CAPEC-229: XML Attribute Blowup (Version 2.10)  

CAPEC-229: XML Attribute Blowup

 
XML Attribute Blowup
Definition in a New Window Definition in a New Window
Attack Pattern ID: 229
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

This attack exploits certain XML parsers which manage data in an inefficient manner. The attacker crafts an XML document with many attributes in the same XML node. In a vulnerable parser, this results in a denial of service condition where CPU resources are exhausted because of the parsing algorithm.

+ Attack Prerequisites
  • The server accepts XML input and is using a parser with a runtime longer than O(n) for the insertion of a new attribute in the data container.(examples are .NET framework 1.0 and 1.1)

+ Examples-Instances

Description

In this example, assume that the victim is running a vulnerable parser such as .NET framework 1.0. This results in a quadratic runtime of O(n^2).

<?xml version="1.0"?>
<foo
aaa=""
ZZZ=""
...
999=""
/>

A document with n attributes results in (n^2)/2 operations to be performed. If an operation takes 100 nanoseconds then a document with 100,000 operations would take 500s to process. In this fashion a small message of less than 1MB causes a denial of service condition on the CPU resources.

+ Solutions and Mitigations

This attack may be mitigated completely by using a parser that is not using a vulnerable container. Mitigation may also limit the number of attributes per XML element.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017