| Name | Schema Poisoning |
| --- | --- |
| Likelihood of attack | Low |
| Typical severity | High |
| Summary | An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content definitions for resources used by an application. By replacing or modifying a schema, the adversary can affect how the application handles or interprets a resource, often leading to denial of service, entry into an unexpected state, or recording of incomplete data. |
| Prerequisites | Some level of access to modify the target schema. The schema used by the target application must be improperly secured against unauthorized modification and manipulation. |
| Solutions | Design: Protect the schema against unauthorized modification. Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the schema document. Implementation: For applications that leverage remote schemas, use HTTPS so that the schema cannot be modified in transit. |
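The second mitigation above (resolve schemas from a local known-good store rather than from the reference the document supplies, and protect that store against modification) as an added example that is not part of the CAPEC entry. The namespace, the sample document and the pinned schema text are constructed for illustration; the location in the document's `xsi:schemaLocation` is deliberately ignored.

```python
"""Resolve XML schemas from a pinned local store instead of the document's
own schemaLocation hint. Sample data below is constructed, not real."""
import hashlib
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed "known good" schema text, as it would be stored locally.
KNOWN_GOOD_SCHEMAS = {
    "urn:example:order": (
        '<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" '
        'targetNamespace="urn:example:order"/>'
    ),
}

# Pin: SHA-256 of each trusted schema, recorded when the store is deployed.
SCHEMA_PINS = {ns: hashlib.sha256(text.encode()).hexdigest()
               for ns, text in KNOWN_GOOD_SCHEMAS.items()}

# Constructed untrusted document: its schemaLocation points at a host we
# must not fetch from, so the hint is used only to learn the namespace.
SAMPLE_DOC = (
    '<order xmlns="urn:example:order" xmlns:xsi="%s" '
    'xsi:schemaLocation="urn:example:order '
    'http://untrusted.example/order.xsd"/>' % XSI
)


def declared_schema_locations(xml_text):
    """Return {namespace: location} from xsi:schemaLocation (untrusted)."""
    root = ET.fromstring(xml_text)
    parts = root.get("{%s}schemaLocation" % XSI, "").split()
    return dict(zip(parts[0::2], parts[1::2]))


def resolve_schema(namespace, local_store=KNOWN_GOOD_SCHEMAS, pins=SCHEMA_PINS):
    """Look the namespace up in the local store and verify its pin.
    Raises if the namespace is unknown or the stored copy was altered."""
    if namespace not in local_store:
        raise LookupError("no trusted schema for namespace %r" % namespace)
    text = local_store[namespace]
    if hashlib.sha256(text.encode()).hexdigest() != pins.get(namespace):
        raise ValueError("schema for %r failed integrity check" % namespace)
    return text


def schemas_for_document(xml_text, **kw):
    """Resolve every namespace the document references, never its URLs."""
    return {ns: resolve_schema(ns, **kw)
            for ns in declared_schema_locations(xml_text)}
```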
Related Weaknesses

| CWE ID | Description |
| --- | --- |
| CWE-15 | External Control of System or Configuration Setting |

Related CAPECs

| CAPEC ID | Description |
| --- | --- |
| CAPEC-176 | An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries; modification of these entities, or otherwise affecting the application's ability to use them, would constitute a configuration/environment manipulation attack. |