OWASP Periodic Table of Vulnerabilities - Routing Detour


Root Cause Summary
This is a man-in-the-middle type of attack, in which (XML) content processors are injected into the message route so that sensitive information is sent to an attacker-controlled outside location. The attacker can modify the contents of the package and send it back to the original processor, which is unaware of the modifications.

Browser / Standards Solution
None

Perimeter Solution
None

Generic Framework Solution
Provide a configuration-based whitelist for WS-Routing destinations.
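
A sketch of such a whitelist check, added here as an example (it is not OWASP's or any framework's own code). It compares the `to` and `via` entries of a WS-Routing `path` header against configured endpoints; the host names, the `ALLOWED` set and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RP = "{http://schemas.xmlsoap.org/rp/}"  # WS-Routing namespace
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"  # SOAP 1.1 envelope
DEFAULT_PORTS = {"http": 80, "https": 443}

# Assumed configuration: exact (scheme, host, port) endpoints a message may be routed to.
ALLOWED = {
    ("https", "orders.internal.example", 443),
    ("https", "billing.internal.example", 8443),
}

# Constructed sample: the second <via> is an intermediary that is not on the list.
SAMPLE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Header>
    <m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
      <m:to>https://orders.internal.example/api</m:to>
      <m:fwd>
        <m:via>https://billing.internal.example:8443/relay</m:via>
        <m:via>http://collector.attacker.example/tap</m:via>
      </m:fwd>
      <m:rev><m:via/></m:rev>
    </m:path>
  </S:Header>
  <S:Body/>
</S:Envelope>"""

def endpoint(uri):
    """Normalise a URI to (scheme, host, port); None if it cannot be parsed."""
    try:
        parts = urlsplit(uri)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:
        return None
    return (parts.scheme, (parts.hostname or "").lower(), port)

def routing_violations(soap_xml, allowed=ALLOWED):
    """Return every WS-Routing destination in the message that is not whitelisted."""
    if "<!DOCTYPE" in soap_xml:  # SOAP messages must not carry a DTD
        raise ValueError("DTD not permitted")
    path = ET.fromstring(soap_xml).find(f"{SOAP}Header/{RP}path")
    if path is None:
        return []
    hops = path.findall(f"{RP}to") + path.findall(f"{RP}fwd/{RP}via") + path.findall(f"{RP}rev/{RP}via")
    uris = [(h.text or "").strip() for h in hops]
    # An empty <via/> names no destination, so there is nothing to check.
    return [u for u in uris if u and endpoint(u) not in allowed]
```

A framework would call `routing_violations` before forwarding and refuse any message for which the list is not empty. Matching on the parsed host rather than on a string prefix keeps a URI such as `https://orders.internal.example@evil.example/` from passing.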

Custom Framework Solution
None

Custom Code Solution
None

Discussion / Controversy
None