CAPEC-147: XML Ping of the Death

Abstraction: Detailed
Status: Draft
Likelihood: Low
Severity: Medium

Description

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

Related weaknesses · 2

CWE-400, CWE-770

Related attack patterns · 1

CAPEC-528 (ChildOf)

Exploits · 2

Type | Target | Confidence | Tier
Weakness | Allocation of Resources Without Limits or Throttling (cwe-770) | 100% | live
Weakness | Uncontrolled Resource Consumption (cwe-400) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: XML Flood
CAPEC: DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
CAPEC: SOAP Array Blowup
CAPEC: ICMP Flood
CAPEC: Flooding
CAPEC: XML Schema Poisoning

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.