XML attribute blowup is a denial of service attack against XML parsers. The attack provides a malicious XML document with many attributes in a single node. Vulnerable XML parsers process these attributes inefficiently, consuming excessive CPU and resulting in a denial of service through resource exhaustion. To prevent this, perimeter technologies should validate incoming XML and enforce limits on the number of attributes per element.
2. XML
XML stand for eXtensible Markup Language
XML is mark up language like HTML
XML was design to store and transport data
XML tags are not predefined, you have to define you own tags
XML design is self descriptive
XML is W3C recommendation
5. XML attribute
XML elements can have attributes, just like HTML.
Attributes are designed to contain data related to a specific element.
Attributed must be quoted with ‘ ’ or “ ”
Example:
<person gender=“Male”>
6. XML Attribute Blowup
XML Attribute Blowup is a denial of service attack against XML parsers
The attacker provides a malicious XML documents, which vulnerable XML
parsers process in a very inefficient manner, leading to excessive CPU load.
The essence of the attack is to include many attributes in the same XML node.
Vulnerable XML parsers manage the attributes in an inefficient manner,
resulting in a non-linear overall run time, leading to a denial of service
condition via CPU exhaustion.
7. XML Attribute Blow Up
Example:
<?xml version=“1.0”?>
<foo
A1=“”
A2=“”
..
..
A1000=“”
/>
8. Perimeter Solution
Perimeter technologies should perform strict schema validation against all
incoming XML documents.
The validation process should enforce the following configurable limits on XML
object definition :
The maximum array size
The maximum number of elements
The maximum number of attributes per element
The maximum size of entity definition
The maximum number of references to entity definitions