Abstract:
Setting a maxOccurs value to unbounded can lead to resource exhaustion and ultimately a denial of service.
Explanation:
Processing XML documents can be computationally expensive. Attackers may take advantage of schemas that allow unbounded elements by supplying an application with a very large number of elements, causing the application to exhaust system resources: a DOM-style parser allocates a node for every element, and any per-element validation or business logic runs once for each of them.
The following is an example of a schema that allows an unbounded number of bar elements.
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" >
  <xs:element name="foo" >
    <xs:complexType>
      <xs:sequence>
        <xs:element name="bar" maxOccurs="unbounded" />
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
Recommendations:
Limit maxOccurs to the number of elements the application actually needs. Note that the cap is only enforced if the application validates incoming documents against the schema; a parser that does not validate will still accept any number of elements, so schema validation must be switched on for the limit to have any effect.
The following is an example of a schema that allows at most 50 bar elements.
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" >
  <xs:element name="foo" >
    <xs:complexType>
      <xs:sequence>
        <xs:element name="bar" maxOccurs="50" />
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
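The same cap can be enforced at parse time when the parser in use does not validate against the schema. The following is an added example, not code from the original post: it builds a constructed attacker payload with many bar elements, shows that a tree-building parser accepts all of them, and then enforces the maxOccurs="50" limit while streaming so that an oversized document is rejected after reading only its first chunk. The names build_payload, count_bar_streaming, bar_count_within_limit and CountingReader are assumptions chosen for this example.

```python
"""Enforce a maxOccurs-style cap on <bar> elements at parse time.

Added example (not from the original post). Assumed names: build_payload,
naive_bar_count, count_bar_streaming, bar_count_within_limit, CountingReader.
"""
import xml.etree.ElementTree as ET
from io import BytesIO

MAX_BAR = 50  # mirrors maxOccurs="50" in the recommended schema


class OccurrenceLimitExceeded(ValueError):
    """Raised as soon as more <bar> elements are seen than the cap allows."""


class CountingReader:
    """File-like wrapper that records how many bytes the parser consumed."""

    def __init__(self, data):
        self._buf = BytesIO(data)
        self.bytes_read = 0

    def read(self, n=-1):
        chunk = self._buf.read(n)
        self.bytes_read += len(chunk)
        return chunk


def build_payload(n_bar):
    """Constructed attacker input: a <foo> document with n_bar empty <bar/> children."""
    return b'<?xml version="1.0"?><foo>' + b"<bar/>" * n_bar + b"</foo>"


def naive_bar_count(xml_bytes):
    """Tree-building parse: every <bar> becomes a node in memory, no limit applied."""
    root = ET.fromstring(xml_bytes)
    return len(root)


def count_bar_streaming(source, max_occurs=MAX_BAR):
    """Stream the document, counting <bar> elements and aborting once the cap is exceeded.

    Each counted <bar> is detached from its parent immediately, so memory stays
    flat regardless of input size, and the input is not read past the point of
    failure.
    """
    stack = []   # open elements, innermost last
    count = 0
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if event == "start":
            stack.append(elem)
            continue
        stack.pop()  # "end": elem is complete
        if elem.tag == "bar":
            count += 1
            if count > max_occurs:
                raise OccurrenceLimitExceeded(
                    f"more than {max_occurs} <bar> elements")
            if stack:
                stack[-1].remove(elem)  # drop the already-counted <bar>
    return count


def bar_count_within_limit(source, max_occurs=MAX_BAR):
    """True if the document has at most max_occurs <bar> elements, else False."""
    if isinstance(source, (bytes, bytearray)):
        source = BytesIO(source)
    try:
        count_bar_streaming(source, max_occurs)
    except OccurrenceLimitExceeded:
        return False
    return True


if __name__ == "__main__":
    big = build_payload(100_000)
    print("naive parser built", naive_bar_count(big), "bar elements")
    reader = CountingReader(big)
    print("within limit:", bar_count_within_limit(reader))
    print("bytes consumed before rejection:", reader.bytes_read, "of", len(big))
```

The streaming parser reads the input in 16 KiB chunks, so a document with 100,000 bar elements is rejected after the first chunk instead of being materialised in full; that early abort is what keeps an oversized document from costing memory proportional to its size.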