Name Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
Summary XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
Prerequisites Attacker must be able to send a malicious XML payload to host, such as SOAP or REST web service.
Solutions Design: Utilize a Security Pipeline Interface (SPI) to mediate communications between service requester and service provider The SPI should be designed to throttle up and down and handle a variety of payloads. Design: Utilize clustered and fail over techniques, leverage network transports to provide availability such as HTTP load balancers Implementation: Check size of XML message before parsing
Related Weaknesses
CWE ID Description
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CWE-674 Uncontrolled Recursion
CWE-770 Allocation of Resources Without Limits or Throttling
Back to Top