Attack surface: Key resolution, reference resolution
Attack impact: Denial of service
Exploit scenario: Complex XPath expressions can be costly to process. XPath Filters allow Union, Intersection and Subtraction operations on an XML node set using multiple XPath selections. Although XPath Filters were intended as a performance optimization, large filter sets specifying many complex XPath expressions can quickly consume many system resources.
Mitigation: Do not process KeyInfo, or keys identified by RetrievalMethod. Restrict the total number of transforms. Reject, via out-of-band schema or DTD validation, any Reference or RetrievalMethod specifying XPath or XPath Filter 2.0 transforms unless required. Identifying content by a whole document reference or by ID is preferable.
Applies to XML Encryption? Yes
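
The transform restrictions in the mitigation above, sketched as an added example (not code from the original page): a check run before any signature processing, done in code rather than through the schema or DTD validation the mitigation names. The function name, the `MAX_TRANSFORMS` value and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
FORBIDDEN = {  # transform Algorithm URIs rejected unless the application requires them
    "http://www.w3.org/TR/1999/REC-xpath-19991116": "XPath",
    "http://www.w3.org/2002/06/xmldsig-filter2": "XPath Filter 2.0",
}
MAX_TRANSFORMS = 4  # assumed policy limit, not a value from the page


def policy_violations(xml_text, max_transforms=MAX_TRANSFORMS):
    """Return reasons to reject a document before signature processing."""
    # Assumes the caller has already applied a size limit and refused DTDs.
    root = ET.fromstring(xml_text)
    problems, total = [], 0
    for parent_name in ("Reference", "RetrievalMethod"):
        for parent in root.iter(f"{{{DS}}}{parent_name}"):
            for transform in parent.iter(f"{{{DS}}}Transform"):
                total += 1
                kind = FORBIDDEN.get(transform.get("Algorithm", ""))
                if kind:
                    uri = parent.get("URI", "")
                    problems.append(f"{parent_name} URI={uri!r}: {kind} transform")
    if total > max_transforms:
        problems.append(f"{total} transforms exceed limit of {max_transforms}")
    return problems


def _signature(reference_body, uri):
    # Constructed sample: a minimal ds:Signature holding one ds:Reference.
    return (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
            f'<ds:Reference URI="{uri}"><ds:Transforms>{reference_body}'
            f'</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>')


# Constructed sample: reference by ID with two ordinary transforms.
SAMPLE_OK = _signature(
    f'<ds:Transform Algorithm="{DS}enveloped-signature"/>'
    '<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>', "#order-1")

# Constructed sample: whole-document reference narrowed by an XPath Filter 2.0 union.
SAMPLE_FILTERED = _signature(
    '<ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">'
    '<f:XPath xmlns:f="http://www.w3.org/2002/06/xmldsig-filter2" Filter="union">'
    '//item</f:XPath></ds:Transform>', "")

if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("filtered", SAMPLE_FILTERED)):
        print(name, policy_violations(doc) or "accepted")
```

The check inspects only the declared `Algorithm` URIs and the transform count, so no XPath expression is evaluated before the document is accepted or rejected.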