
CAPEC-528: XML Flood

Abstraction: Standard
Status: Draft
Likelihood: Low
Severity: Medium

Description

An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished by sending a large number of XML-based requests and letting the service attempt to parse each one. In many cases this type of attack will result in an XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing.

Related weaknesses · 1

CWE-770

MITRE ATT&CK crosswalk · 2

T1499.002: Endpoint Denial of Service: Service Exhaustion Flood
T1498.001: Network Denial of Service: Direct Network Flood

Related attack patterns · 1

CAPEC-125 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Allocation of Resources Without Limits or Throttling (cwe-770) | 100% | live

Related to · 2

Type | Target | Confidence | Tier
SubTechnique | Direct Network Flood (t1498.001) | 100% | live
SubTechnique | Service Exhaustion Flood (t1499.002) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: XML Ping of the Death
CAPEC: HTTP Flood
CAPEC: Flooding
CAPEC: SSL Flood
CAPEC: ICMP Flood
CAPEC: XML Injection

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.