CAPEC-271 - CERT CVE
Name

Schema Poisoning

Summary

An adversary corrupts or modifies the content of a schema in order to undermine the security of the target. Schemas define the structure and permitted content of resources used by an application. By replacing or modifying a schema, the adversary changes how the application handles or interprets a resource, which typically leads to denial of service, entry into an unexpected state, or the recording of incomplete data.
Prerequisites

Some level of access to modify the target schema.
The schema used by the target application must be improperly secured against unauthorized modification and manipulation.
Mitigations

Design: Protect the schema against unauthorized modification.
Implementation: For applications that use a known schema, use a local copy or a known-good repository instead of the schema reference supplied in the document being processed.
Implementation: For applications that load remote schemas, use HTTPS to prevent modification of the schema in transit and to avoid loading an unauthorized copy.
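The following is an added example, not part of the CAPEC entry or of any CERT tooling, showing the second mitigation in practice: the application resolves schemas only from a local catalog pinned by SHA-256 hash and ignores the xsi:schemaLocation hint carried in the document. The XSD, the namespace urn:example:order, the sample orders, the attacker URL and the SchemaPoisoningError type are all constructed for the example. To stay dependency-free, it checks only the required child elements derived from the schema rather than performing full XSD validation; the point is that a poisoned schema (amount made optional) would otherwise let an order without an amount through and record incomplete data.

```python
"""Pinned local schema catalog versus document-supplied schema references.

Added example (not CERT or CAPEC code). Everything below, including the
schema, the namespace and the sample documents, is constructed for the demo.
"""
import hashlib
import xml.etree.ElementTree as ET
from typing import List, Optional

XS = "{http://www.w3.org/2001/XMLSchema}"
XSI = "{http://www.w3.org/2001/XMLSchema-instance}"
NS = "urn:example:order"

# Constructed known-good schema: an order must carry an id and an amount.
KNOWN_GOOD_SCHEMA = b"""<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:example:order" xmlns="urn:example:order">
  <xs:element name="order">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="id" type="xs:string"/>
        <xs:element name="amount" type="xs:decimal"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
"""

# Poisoned variant: the attacker makes amount optional, so orders without an
# amount are accepted and incomplete data gets recorded.
POISONED_SCHEMA = KNOWN_GOOD_SCHEMA.replace(
    b'<xs:element name="amount" type="xs:decimal"/>',
    b'<xs:element name="amount" type="xs:decimal" minOccurs="0"/>')

# Local catalog: namespace -> (known-good bytes, pinned SHA-256).
# A real deployment keeps the file on disk and the hash in configuration.
SCHEMA_CATALOG = {
    NS: (KNOWN_GOOD_SCHEMA, hashlib.sha256(KNOWN_GOOD_SCHEMA).hexdigest()),
}


class SchemaPoisoningError(Exception):
    """Raised when a schema is unknown or does not match its pinned hash."""


def load_schema(namespace: str, schema_bytes: Optional[bytes] = None) -> bytes:
    """Return the schema bytes for `namespace` from the local catalog only,
    after verifying them against the pinned hash. `schema_bytes` lets a
    caller pass the copy it read from disk; if omitted, the catalog copy is used."""
    if namespace not in SCHEMA_CATALOG:
        raise SchemaPoisoningError(f"no pinned schema for {namespace}")
    pinned, expected = SCHEMA_CATALOG[namespace]
    data = pinned if schema_bytes is None else schema_bytes
    if hashlib.sha256(data).hexdigest() != expected:
        raise SchemaPoisoningError(f"schema for {namespace} does not match pinned hash")
    return data


def required_children(schema_bytes: bytes, root_name: str) -> List[str]:
    """Names of the child elements the schema requires under `root_name`
    (in XSD, minOccurs defaults to 1, so an element is required unless set to 0)."""
    schema = ET.fromstring(schema_bytes)
    for el in schema.iter(XS + "element"):
        if el.get("name") == root_name:
            return [c.get("name") for c in el.iter(XS + "element")
                    if c is not el and int(c.get("minOccurs", "1")) > 0]
    raise SchemaPoisoningError(f"schema defines no element {root_name}")


def validate_order(document: bytes) -> List[str]:
    """Check the document against the pinned schema for its namespace and
    return the names of required elements that are missing.

    The xsi:schemaLocation hint in the document is read for logging only and
    is never fetched: the local, hash-verified copy always wins."""
    root = ET.fromstring(document)
    namespace, local_name = root.tag[1:].split("}")
    hint = root.get(XSI + "schemaLocation")
    if hint:
        print(f"ignoring document-supplied schema location: {hint!r}")
    schema = load_schema(namespace)  # attacker cannot substitute a schema here
    present = {child.tag.split("}")[-1] for child in root}
    return [name for name in required_children(schema, local_name) if name not in present]


# Constructed sample documents. The first one points at an attacker-controlled
# schema location and omits the amount.
ORDER_MISSING_AMOUNT = b"""<order xmlns="urn:example:order"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="urn:example:order http://attacker.example/order.xsd">
  <id>A-1</id>
</order>"""

GOOD_ORDER = b"""<order xmlns="urn:example:order">
  <id>A-2</id><amount>19.99</amount>
</order>"""


if __name__ == "__main__":
    print("missing with pinned schema:", validate_order(ORDER_MISSING_AMOUNT))
    print("required under poisoned schema:", required_children(POISONED_SCHEMA, "order"))
    try:
        load_schema(NS, POISONED_SCHEMA)
    except SchemaPoisoningError as exc:
        print("tampered on-disk copy rejected:", exc)
```

Run stand-alone, the order without an amount is reported as incomplete under the pinned schema, the poisoned schema would have required only id, and a tampered on-disk copy is rejected by the hash check before it can be used. The same pattern applies to JSON Schema or any other schema format: key the catalog by the identifier the document claims, never by the URL it supplies.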