RE: [xml-dev] XML processor attacks
- From: Richard Salz <rsalz@us.ibm.com>
- To: "Shlomo Yona" <S.Yona@F5.com>
- Date: Wed, 31 Jan 2007 14:26:59 -0500
It's pretty easy to cause a denial of service with short messages such as
a million elements deep:
<x><x><x><x><x><x>....</x></x>
Or badly fragmented:
<x><y>.</y><y>.</y>....</x>
Maximum element, attribute or namespace prefix name
<xxx... xxx...='...' xmlns:xxx...='...'
Excessively long attribute or namespace values (the '...' above)
Excessive attributes or namespace declarations
<x a1='.' a2='.' a3='.' ...
Schema validation won't save you as long as there's an xs:any extension
point in the schema.
The key point here is that these attacks are asymmetric -- it's trivial to
generate these with print statements, but the recipient has to expend a
lot of horsepower.
/r$
--
STSM
Senior Security Architect
DataPower SOA Appliances
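
Added example (not part of the original message, and not DataPower code): a streaming pre-check built on Python's expat bindings that stops parsing as soon as a document exceeds a limit on nesting depth, children per element, name length, attribute or namespace-declaration count, or value length. The function name check_xml and the LIMITS values are assumptions chosen for illustration.

```python
import xml.parsers.expat

class LimitExceeded(Exception):
    """Raised as soon as a document crosses one of the configured limits."""

# Hypothetical limits; size them to what the application's messages need.
LIMITS = {"depth": 64, "children": 1000, "name_len": 128,
          "attrs": 32, "value_len": 4096, "bytes": 1_000_000}

def check_xml(data: bytes, limits=LIMITS) -> str:
    """Stream data through expat; return "ok" or the name of the limit hit."""
    if len(data) > limits["bytes"]:
        return "bytes"
    child_counts = [0]  # child_counts[-1] = children seen in the open element

    def start(name, attrs):
        # attrs is a flat [name, value, ...] list. Namespace processing is
        # off, so xmlns:* declarations are counted and measured as attributes.
        child_counts[-1] += 1
        if child_counts[-1] > limits["children"]:
            raise LimitExceeded("children")
        child_counts.append(0)
        if len(child_counts) - 1 > limits["depth"]:
            raise LimitExceeded("depth")
        if len(attrs) // 2 > limits["attrs"]:
            raise LimitExceeded("attrs")
        if any(len(n) > limits["name_len"] for n in [name] + attrs[0::2]):
            raise LimitExceeded("name_len")
        if any(len(v) > limits["value_len"] for v in attrs[1::2]):
            raise LimitExceeded("value_len")

    def end(name):
        child_counts.pop()

    parser = xml.parsers.expat.ParserCreate()
    parser.ordered_attributes = True
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(data, True)
    except LimitExceeded as exc:
        return str(exc)        # rejected before the rest is processed
    except xml.parsers.expat.ExpatError:
        return "malformed"
    return "ok"

if __name__ == "__main__":
    # Constructed samples: nesting one past the depth limit, then a benign message.
    print(check_xml(b"<x>" * 65 + b"</x>" * 65))
    print(check_xml(b"<x a='1'><y>.</y></x>"))
```

The overall byte cap is checked first because name and value lengths only become visible to the handler after the parser has read the whole start tag.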