V-222608
Application Security and Development Security Technical Implementation Guide
Title
The application must not be vulnerable to XML-oriented attacks.
Description
Extensible Markup Language (XML) is widely employed in web technology and applications like web services (SOAP, REST, and WSDL) and is also used for configuration files. XML vulnerability examples include XML injection, XML spoofing, XML-based Denial of Service attacks and information disclosure attacks. When utilizing XML, web applications must take steps to ensure they are addressing XML-related security issues. This is accomplished by choosing well-designed application compon...
Fix Text (Documentation Requirement)
Design the application to utilize components that are not vulnerable to XML attacks. Patch the application components when vulnerabilities are discovered.
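Added example, not part of the STIG text: one way an application component can refuse the document features behind the XML-based denial of service and information disclosure attacks named in the description, and keep untrusted text from being read as markup (XML injection). The names `parse_untrusted`, `build_order` and `ForbiddenXML`, the size limit, and the sample documents are assumptions constructed for illustration; only the Python standard library is used.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample inputs (not taken from the STIG).
BENIGN = b"<order><item>widget</item></order>"
ENTITY_BOMB = b'<!DOCTYPE o [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;">]><o>&b;</o>'
EXTERNAL_ENTITY = b'<!DOCTYPE o [<!ENTITY x SYSTEM "file:///placeholder">]><o>&x;</o>'


class ForbiddenXML(ValueError):
    """Raised when a document is malformed or uses a rejected construct."""


def _reject(construct):
    # Build an expat handler that aborts parsing as soon as it is called.
    def handler(*_args):
        raise ForbiddenXML(f"{construct} not allowed")
    return handler


def parse_untrusted(data: bytes, max_bytes: int = 1_000_000) -> ET.Element:
    """Parse XML from an untrusted source, refusing DTDs and entities."""
    if len(data) > max_bytes:
        raise ForbiddenXML("document too large")
    # Guard pass: expat reports the DOCTYPE before any entity is expanded,
    # so recursive or external entities are never resolved.
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    guard.EntityDeclHandler = _reject("entity declaration")
    guard.ExternalEntityRefHandler = _reject("external entity reference")
    try:
        guard.Parse(data, True)
    except expat.ExpatError as exc:
        raise ForbiddenXML(f"malformed XML: {exc}") from exc
    # No DOCTYPE means no custom entities; building the tree is now safe.
    return ET.fromstring(data)


def build_order(item: str) -> bytes:
    """Serialise untrusted text through the API so markup in it is escaped."""
    root = ET.Element("order")
    ET.SubElement(root, "item").text = item
    return ET.tostring(root)


if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("entity bomb", ENTITY_BOMB),
                      ("external entity", EXTERNAL_ENTITY)]:
        try:
            print(name, "->", parse_untrusted(doc).tag)
        except ForbiddenXML as err:
            print(name, "-> rejected:", err)
```

A reviewer checking this requirement can feed the same kinds of inputs to the application's real parser configuration and confirm that documents carrying a DOCTYPE are rejected rather than expanded.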