CAPEC-256: SOAP Array Overflow
ID
CAPEC-256
Typical Severity
High
Status
Draft
An attacker sends a SOAP request with an array whose actual length exceeds the length indicated in the request. If the server processing the transmission naively trusts the specified size, then an attacker can intentionally understate the size of the array, possibly resulting in a buffer overflow if the server attempts to read the entire data set into the memory it allocated for a smaller array.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-805 | Buffer Access with Incorrect Length Value | weakness |
Taxonomiy Mapping
Type | # ID | Name |
---|---|---|
WASC | 35 | SOAP Array Abuse |