DerScanner
Home / Vulnerability Database / Config files : XML schema insecure settings
Config files

Config files : XML schema insecure settings

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
PCI DSS 4.0
6.2.4
CWE
CWE-1031

Overview

An unsafe XML schema setting maxOccurs="unbounded" is set. It can lead to a DOS attack.

Processing XML files requires significant resources. If an unlimited size of an XML file is allowed in the schema, an attacker can exploit it and submit an XML file with a large number of elements to the input of the application, which will cause a large amount of computation and may disrupt the normal work of the application.

References

  1. OWASP Top 10 2017-A6-Security Misconfiguration
  2. OWASP Top 10 2013-A5-Security Misconfiguration
  3. Reviewing Web Services
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : XML schema insecure settings in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection