Web Service Attacks By Category

This wiki aims at listing all web service specific attacks. It includes attacks that are:

• based on flaws in standards
• implementation specific weaknesses across all major platforms

Attacks that are implementation specific for certain versions of certain frameworks are not included in this wiki to date.

Attack categories

The web service specific attacks are not listed alphabetically. Instead 4 different categories were created that are used to list the web service specific attacks. In order to view the attacks just click on one of the four categories, depending on your point of view. Each categorisation contains the same attacks.

• Attack Categorisation by violated security objective
• Attack Categorisation by number of involved parties
• Attack Categorisation by attacked web service component
• Attack Categorisation by attack spreading

List of all attacks

Attacks primarily violating the security objective “Availability”

BPEL Instantiation Flooding

BPEL Indirect Flooding

BPEL State Deviation

• BPEL Correlation Invalidation

• BPEL State Invalidation

Coercive Parsing

Oversized XML DOS aka Oversized XML attack

• XML Extra Long Names aka XML MegaTags aka XML Jumbo Tag Names

• XML Namespace Prefix Attack

• XML Oversized Attribute Content

• XML Oversized Attribute Count

Reference Redirect

• Signature Redirect

• Encryption Redirect

Recursive Cryptography aka Oversized Cryptography aka Cryptography DOS aka XML Complexity Attack in Soap Header

• Chained Cryptographic Keys aka Public Key DOS

• Nested Encrypted Blocks

Soap Array Attack

SOAP Parameter DOS aka Parameter Tampering

WS-Addressing spoofing

• WS-Addressing spoofing - Generic

• WS-Addressing spoofing - BPEL Rollback

• WS-Addressing spoofing - Middleware Hijacking

XML Document Size Attack aka Oversize payload attack aka Jumbo payload Attack

• Oversized SOAP Header

• Oversized SOAP Body

• Oversized SOAP Envelope

XML Encryption - Transformation DOS

• XML Encryption - XSLT DOS

• XML Encryption - Xpath DOS

XML External Entity DOS

XML Entity Expansion

• XML Generic Entity Expansion

• XML Recursive Entity Expansion

• XML Remote Entity Expansion

• XML C14N Entity Expansion

XML Entity Reference Attack

XML Flooding

• Distributed XML Flooding

• Single XML Flooding

XML Signature - Key Retrieval DOS

XML Signature – Transformation DOS

• XML Signature - C14N DOS

• XML Signature - XSLT DOS

• XML Signature - Xpath DOS

Attacks primarily violating the security objective "Integrity"

Active WS-MITM

• Malicious Morphing aka Message Tampering aka Content Tampering aka Message Alternation aka Data Tampering aka Falsified Message

• Routing Detour

Metadata Spoofing aka Schema Poisoning

• WSDL Spoofing aka WSDL Parameter Tampering

• WS Security Policy Spoofing

XML Signature Wrapping aka XML Rewriting

• XML Signature Wrapping - Simple Context

• XML Signature Wrapping - Optional Element

• XML Signature Wrapping - Optional Element in Security Header

• XML Signature Wrapping - with Namespace Injection

XML Signature Exclusion

Attacks primarily violating the security objective “Confidentiality”

Passive WS-MITM aka Message Sniffing aka Message Snopping

WSDL Disclosure

• WSDL Enumeration aka WSDL Scanning

• WSDL Google Hacking

Adaptive Chosen-Ciphertext Attacks

• Adaptive Chosen-Ciphertext Attack on Cipher Block Chaining Mode of Operation

• Adaptive Chosen-Ciphertext Attack on RSA PKCS1 v1.5

Backwards Compatibility Attacks

Attacks primarily violating the security objective “Access Control”

Replay Attack

SOAPAction Spoofing

• SOAPAction Spoofing - MITM Attack

• SOAPAction Spoofing - Bypass Attack

Other attacks

Attack Obfuscation

XML Injection

XML Signature - Key Retrieval XSA (Cross Site Attack)

XML Signature – XSLT Code Execution

Xpath Injection