CAPEC-219: XML Routing Detour Attacks

Description

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.

Extended Description

By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information. In applications that return a stack trace along with the error, this can enumerate the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.

Severity :

Medium

Possibility :

High

Type :

Standard

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-94: Adversary in the Middle (AiTM) Adversary in the Middle (AiTM)

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

The targeted system must have multiple stages processing of XML content.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Low To inject a bogus node in the XML routing table

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

WASC | Routing Detour WASC | XML Entity Expansion

Resources required

The attacker must be able to insert or compromise a system into the processing path for the transaction.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')

CWE-610: Externally Controlled Reference to a Resource in Another Sphere

Visit http://capec.mitre.org/ for more details.