CAPEC-493 Detail

SOAP Array Blowup

Standard Software

Parents: 130

Threats: T61 T64 T74 T77 T269 T282 T289 T374 T401

Description

An adversary may attack a web service that communicates using SOAP messages. By sending a very large SOAP array declaration to the web service, the attacker forces the service to allocate space for the array elements before they are parsed by the XML parser. The attacker's message is typically small: it contains a large array declaration of, say, 1,000,000 elements but only a couple of actual array elements. The attack aims to exhaust the memory resources of the web service.
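A defensive pre-check for the pattern described above, as an added example that is not part of the CAPEC entry: it reads the SOAP 1.1 `arrayType` declaration and flags any array whose declared size exceeds a limit, so the message can be rejected before it reaches the SOAP deserializer. The limit, the function names and the sample message are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"  # SOAP 1.1 encoding namespace
ARRAY_TYPE = "{%s}arrayType" % SOAP_ENC
MAX_ELEMENTS = 10_000  # assumed policy limit, tune per service

# Final bracket group of values such as "xsd:string[1000000]" or "xsd:int[2,3]"
_DIMS = re.compile(r"\[([0-9,\s]*)\]\s*$")

def declared_size(array_type):
    """Element count declared by an arrayType value, or None if unsized."""
    m = _DIMS.search(array_type)
    if not m or not m.group(1).strip():
        return None  # e.g. "xsd:int[]" declares no size
    size = 1
    for dim in m.group(1).split(","):
        if not dim.strip():
            return None  # e.g. "[,]" gives rank only
        size *= int(dim)  # multi-dimensional sizes multiply
    return size

def check_soap_arrays(message, limit=MAX_ELEMENTS):
    """Return (tag, declared, actual) for every array declared above the limit.

    The declaration is compared with the limit, not with the number of
    elements present, because the declaration is what drives allocation.
    """
    findings = []
    for elem in ET.fromstring(message).iter():
        value = elem.get(ARRAY_TYPE)
        declared = declared_size(value) if value is not None else None
        if declared is not None and declared > limit:
            findings.append((elem.tag, declared, len(elem)))
    return findings

# Constructed sample: small message, large declaration, two real elements.
SAMPLE = b"""<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
 <soapenv:Body>
  <items soapenc:arrayType="xsd:string[1000000]">
   <item>a</item><item>b</item>
  </items>
 </soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(check_soap_arrays(SAMPLE))
```

A non-empty result means the request should be refused with a fault instead of being handed to the SOAP stack; pair the check with a cap on the raw message size.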

| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-493 | capec | https://capec.mitre.org/data/definitions/493.html | |
| CWE-770 | cwe | http://cwe.mitre.org/data/definitions/770.html | |
| REF-422 | reference_from_CAPEC | http://www.ws-attacks.org/index.php/Soap_Array_Attack | SOAP Array Attack |

  1. This type of attack requires the attacker to know the endpoint of the web service and to be able to reach that endpoint with a malicious SOAP message.
