An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished by sending a large number of XML based requests and letting the service attempt to parse each one. In many cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing.
Description
Attack Execution Flow
3
1
Step 1
Explore[Survey the target] Using a browser or an automated tool, an attacker records all instance of web services to process XML requests.
Use an automated tool to record all instances of URLs to process XML requests.
Use a browser to manually explore the website and analyze how the application processes XML requests.
AI Translation
[Survey the target] Utilizzando un browser o uno strumento automatizzato, un attaccante registra tutte le istanze di servizi web per elaborare richieste XML.
Utilizza uno strumento automatizzato per registrare tutte le istanze di URL per elaborare richieste XML.
Utilizza un browser per esplorare manualmente il sito web e analizzare come l'applicazione elabora le richieste XML.
Attack Techniques
-
Use a browser to manually explore the website and analyze how the application processes XML requests.
-
Use an automated tool to record all instances of URLs to process XML requests.IT: Utilizza un browser per esplorare manualmente il sito web e analizzare come l'applicazione gestisce le richieste XML.
2
Step 2
ExperimentAn adversary crafts input data that may have an adverse effect on the operation of the web service when the XML data sent to the service.
AI Translation
Un avversario crea dati di input che potrebbero avere un effetto negativo sul funzionamento del servizio web quando i dati XML inviati al servizio.
3
Step 3
Exploit[Launch a resource depletion attack] The attacker delivers a large number of XML messages to the target URLs found in the explore phase at a sufficiently rapid rate. It causes denial of service to the target application.
Send a large number of crafted XML messages to the target URL.
AI Translation
[Lancia un attacco di esaurimento delle risorse] L'attaccante invia un gran numero di messaggi XML agli URL di destinazione trovati nella fase di esplorazione a una velocità sufficientemente elevata. Questo provoca un denial of service all'applicazione target.
Invia un gran numero di messaggi XML appositamente creati all'URL di destinazione.
Attack Techniques
-
Send a large number of crafted XML messages to the target URL.
Mitigations
2
Design: Build Throttling Mechanism Into The Resource Allocation. Provide For A Timeout Mechanism For Allocated Resources Whose Transaction Does Not Complete Within A Specified Interval.
Implementation: Provide For Network Flow Control And Traffic Shaping To Control Access To The Resources.
Consequences
Security Scopes Affected
Availability
Potential Impacts
Resource Consumption
Indicators
1
A large amount of data is passed to the XML parser possibly making it crash or otherwise unavailable to end users.
Relationships
Parent CAPECs
Child CAPECs
Related ATT&CK Techniques
2
T1498.001
Direct Network Flood
Adversaries may attempt to cause a denial of service (DoS) by directly sending a high-volume of network traffic to a …
T1499.002
Service Exhaustion Flood
Adversaries may target the different network services provided by systems to conduct a denial of service (DoS). Adversaries often target …