[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: XML content attacks
We have seen in the past some analysis reporting of
potential XML content attacks on ebMS2 (like on any other schema-defined
protocol that contains extensibility points). This is about preventing tampering that focuses on the parsing
phase, before even the signature check kicks-in: a tampered but schema-valid
header could still do harm in terms of parsing resources even if not passing
security. My current assessment on this: (a) at this time
we do not have any extensibility point in the schema - I believe. We do
have an extensibility structure like MessageProperties, but it is well
constrained schema-wise. (b) We do have
unbounded sequences, though we could limit them arbitrarily (inconvenient) Of course, the payload is another vulnerability point. Some advanced
data validation checks (ADV) can be used. In order to support such techniques, some meta data could be
added, e.g. in a CPA extension (most obvious example would be a max size on
payload parts) Not affecting the header so far, that could remain out of our
immediate concern. Regarding a direct impact on the schema, we still need to
take a stance on (a) and (b) above. Jacques |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]