An adversary determines the input data stream that is being processed by an serialized data parser on the victim's side.
An adversary crafts input data that may have an adverse effect on the operation of the data parser when the data is parsed on the victim's system.
Weakness Name | |
---|---|
Missing XML Validation The product accepts XML from an untrusted source but does not validate the XML against the proper schema. |
|
Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
Uncontrolled Recursion The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
|
Allocation of Resources Without Limits or Throttling The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. |
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Alternate_Terms, Description, Execution_Flow, Related_Attack_Patterns | |
CAPEC Content Team | The MITRE Corporation | Updated @Name, Description, Execution_Flow, Indicators, Mitigations, Prerequisites | |
CAPEC Content Team | The MITRE Corporation | Updated Description, Notes | |
CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |