VID 210159
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The web server on the host system is vulnerable to XML Injection.
XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. Injecting unintended XML content and/or structures into an XML message can alter the intended logic of the application. Further, XML injection can cause malicious content to be inserted into the resulting message or document.

* Platforms Affected:
Any HTTP server Any version
Any operating system Any version
Recommendation Take the following steps:
1. Limit the set of characters that users can input.
2. Filter all characters except those explicitly selected by the developer.
For instance, special characters should be converted as follows:
< -> &lt;
> -> &gt;
" -> &quot;
( -> &#40;
) -> &#41;
# -> &#35;
& -> &amp;
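
The two recommended steps can be checked side by side. The following is an added example, not part of the original entry: the `<user>` message layout, the allowlist pattern and the sample input are constructed assumptions. It applies the mapping in a single pass so that the `&` and `#` inside emitted entities are not encoded a second time.

```python
import re
import xml.etree.ElementTree as ET

# Steps 1-2: characters the developer has chosen to accept (assumed policy).
ALLOWED = re.compile(r"[A-Za-z0-9 ._-]{1,64}")

# The conversion table from the recommendation. str.translate() visits each
# input character once, so entities it emits are never re-encoded.
ENTITY_MAP = str.maketrans({
    "<": "&lt;", ">": "&gt;", '"': "&quot;",
    "(": "&#40;", ")": "&#41;", "#": "&#35;", "&": "&amp;",
})


def is_allowed(value):
    """True only if every character is on the developer's allowlist."""
    return ALLOWED.fullmatch(value) is not None


def encode(value):
    """Convert special characters to entities before placing text in XML."""
    return value.translate(ENTITY_MAP)


def build_unsafe(name):
    # Raw concatenation: markup in `name` becomes part of the document.
    return "<user><name>" + name + "</name><role>guest</role></user>"


def build_safe(name):
    # Same message, but the user-supplied value is entity-encoded first.
    return "<user><name>" + encode(name) + "</name><role>guest</role></user>"


def roles(xml_text):
    """Return the text of every <role> element the parser sees."""
    return [e.text for e in ET.fromstring(xml_text).iter("role")]


# Constructed input containing markup, used to exercise both builders.
SAMPLE = "x</name><role>admin</role><name>y"

if __name__ == "__main__":
    print("allowlist accepts sample:", is_allowed(SAMPLE))
    print("roles, unsafe builder:   ", roles(build_unsafe(SAMPLE)))
    print("roles, safe builder:     ", roles(build_safe(SAMPLE)))
```
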