Web.Service.SAX.Injection
| Release Date | Sep 15, 2009 |
| Severity | Medium |
| Impact | System compromise |
| Description | This indicates an attack attempt to exploit a SAX-injection vulnerability in Web Services which communicate through the use of SOAP requests.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in web services. As a result, a remote attacker can send a crafted request to execute a function defined in the web service definition language (WSDL) file. |
| Affected Products | All web application environments are susceptible to SAX injection.� |
| Recommended Actions | The signature can be enabled to block this traffic. |
Reference: VID-17700
|