In SOAP Array Abuse, a service that expects an array can be the target of an XML DoS attack by forcing the SOAP server to build a huge array in the machine’s memory.
XML SOAP arrays are a common target for malicious abuse. SOAP arrays have one or more dimensions (rank) whose members are distinguished by ordinal position. An array value is represented as a series of elements reflecting the array, with members appearing in ascending ordinal sequence. For multidimensional arrays, the dimension on the right side varies most rapidly. Each member element is named as an independent element.
A web service that expects an array can be the target of SOAP Array Abuse, specifically an XML DoS attack that forces the SOAP server to build an enormous array in the machine's memory. This causes a DoS condition on the machine due to the extreme demands of memory pre-allocation.
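One way to guard against the pre-allocation described above is to reject oversized array declarations before the message reaches the SOAP deserializer. The following is an added example, not code from the original page: it assumes SOAP 1.1 encoding, where the declared size is carried in the `arrayType` attribute, and the `MAX_MEMBERS` limit, the strict declared-versus-actual check and the sample envelope are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from math import prod

SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"  # SOAP 1.1 encoding namespace
MAX_MEMBERS = 1000  # assumed per-array policy limit; tune per service

# Last bracket group of an arrayType value, e.g. "xsd:int[2,3]" -> "2,3"
_SIZE_RE = re.compile(r"\[([0-9,\s]*)\]\s*$")

def declared_size(array_type):
    """Total members declared across all dimensions, or None if unsized/malformed."""
    m = _SIZE_RE.search(array_type)
    if not m:
        return None
    dims = [d.strip() for d in m.group(1).split(",")]
    if any(d == "" for d in dims):
        return None
    return prod(int(d) for d in dims)

def check_arrays(xml_text, limit=MAX_MEMBERS):
    """Return (tag, reason) findings for arrays that violate the assumed policy."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        array_type = el.get(f"{{{SOAP_ENC}}}arrayType")
        if array_type is None:
            continue
        size, actual = declared_size(array_type), len(el)
        if size is None:
            findings.append((el.tag, "unsized or malformed arrayType"))
        elif size > limit:
            findings.append((el.tag, f"declared {size} > limit {limit}"))
        elif size != actual:
            # Strict policy (assumption): service does not accept sparse/partial arrays.
            findings.append((el.tag, f"declared {size} but {actual} members present"))
    return findings

# Constructed sample: one honest array, one declaring far more than it carries.
ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema">
 <soap:Body><order>
  <items enc:arrayType="xsd:string[2]"><item>a</item><item>b</item></items>
  <grid enc:arrayType="xsd:int[100000,100000]"><cell>1</cell></grid>
 </order></soap:Body></soap:Envelope>"""

if __name__ == "__main__":
    for tag, reason in check_arrays(ENVELOPE):
        print(f"reject <{tag}>: {reason}")
```

A message with any finding should be refused with a SOAP fault rather than passed on to the deserializer.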