SOAP Alerts

The following alerts are raised by the SOAP add-on. {#id-90026}{#id-90029}{#id-90030}

Alert Reference Name Description Latest Code
90026 Action Spoofing SOAP requests contain some sort of operation that is later executed by the web application. This operation can be found in the first child element of the SOAP Body. However, if HTTP is used to transport the SOAP message the SOAP standard allows the use of an additional HTTP header element called SOAPAction. This header element contains the name of the executed operation. It is supposed to inform the receiving web service of what operation is contained in the SOAP Body, without having to do any XML parsing. This optimization can be used by an attacker to mount an attack, since certain web service frameworks determine the operation to be executed solely on the information contained in the SOAPAction header field.
90029 SOAP XML Injection During an “XML Injection” an attacker tries to add or manipulate various XML Tags in the SOAP message aiming to manipulate the XML structure. Usually a successful XML injection results in the execution of a restricted or unintended operation. Depending on the executed operation various security or business controls might be violated.
90030 WSDL File Detection This alert is raised when the passive scanner detects a WSDL file.

See also

SOAP for an overview of the SOAP support add-on.
SOAP Automation for information about the automation framework support.