CAPEC-229: Serialized Data Parameter Blowup
Attack Pattern ID: 229
Version: v3.9
Attack Pattern Name: Serialized Data Parameter Blowup
Abstraction: Detailed
Status: Draft
Likelihood of Attack: High
Typical Severity: High
▼Description
This attack exploits certain serialized data parsers (e.g., XML, YAML, etc.) which manage data in an inefficient manner. The attacker crafts a serialized data file with multiple configuration parameters in the same dataset. In a vulnerable parser, this results in a denial of service condition where CPU resources are exhausted because of the parsing algorithm. The weakness being exploited is tied to the parser implementation and is not language-specific.
▼Relationships
Nature: ChildOf
Type: Standard
ID: 231
Name: Oversized Serialized Data Payloads
▼Execution Flow
Explore

1. Survey the target

Using a browser or an automated tool, an attacker records all instances of web services that process requests using serialized data.

Technique
Use an automated tool to record all instances of URLs that process requests from serialized data.
Use a browser to manually explore the website and analyze how the application processes requests using serialized data.

Exploit

1. Launch a Blowup attack

The attacker crafts malicious messages that contain multiple configuration parameters in the same dataset.

Technique
Send the maliciously crafted message containing the multiple configuration parameters to the target URL, causing a denial of service.
▼Prerequisites
The server accepts input in the form of serialized data and uses a parser with a runtime longer than O(n) for the insertion of a new configuration parameter in the data container (examples are .NET Framework 1.0 and 1.1).
▼Mitigations
This attack may be mitigated completely by using a parser that does not use a vulnerable container.
Another mitigation is to limit the number of configuration parameters per dataset.
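
One way to enforce the per-dataset parameter limit described in the mitigations, shown as an added example that is not part of the CAPEC entry: a streaming gate built on Python's `xml.parsers.expat` that rejects XML whose elements carry more attributes than a policy limit, before the document reaches application code. The limit values, the function and exception names, and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat

# Assumed policy values; tune to what the application legitimately needs.
MAX_ATTRS_PER_ELEMENT = 64
MAX_DOCUMENT_BYTES = 1_000_000


class ParameterLimitExceeded(ValueError):
    """Raised when a document exceeds the configured limits."""


def check_attribute_limits(data: bytes,
                           max_attrs: int = MAX_ATTRS_PER_ELEMENT,
                           max_bytes: int = MAX_DOCUMENT_BYTES) -> int:
    """Stream-parse `data`; return the largest per-element attribute count.

    Raises ParameterLimitExceeded as soon as one element goes over
    `max_attrs`, so the rest of the document is never processed.
    Malformed XML raises xml.parsers.expat.ExpatError.
    """
    if len(data) > max_bytes:
        raise ParameterLimitExceeded(f"document is {len(data)} bytes, limit is {max_bytes}")

    widest = 0

    def on_start(name, attrs):
        nonlocal widest
        count = len(attrs) // 2  # ordered_attributes yields [name, value, ...]
        widest = max(widest, count)
        if count > max_attrs:
            raise ParameterLimitExceeded(f"<{name}> has {count} attributes, limit is {max_attrs}")

    parser = xml.parsers.expat.ParserCreate()
    parser.ordered_attributes = True
    parser.StartElementHandler = on_start
    parser.Parse(data, True)  # exceptions raised in the handler propagate from here
    return widest


# Constructed sample inputs: one ordinary document, one over the assumed limit.
SAMPLE_OK = b'<config><item name="timeout" value="30"/></config>'
SAMPLE_WIDE = ("<config><item " + " ".join(f'p{i}="x"' for i in range(100)) + "/></config>").encode()

if __name__ == "__main__":
    print(check_attribute_limits(SAMPLE_OK))
    try:
        check_attribute_limits(SAMPLE_WIDE)
    except ParameterLimitExceeded as exc:
        print("rejected:", exc)
```

The gate only bounds what is passed on; the first mitigation, a parser whose container inserts parameters efficiently, is still needed for the parsing step itself.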
▼Related Weaknesses
ID: CWE-770
Name: Allocation of Resources Without Limits or Throttling
▼Taxonomy Mappings
Taxonomy Name: WASC
Entry ID: 41
Entry Name: XML Attribute Blowup