SOAP Action Spoofing
- Risk:
High
- Type:
- Active
- Summary
- An unintended SOAP operation was executed by the server.
- Solution
- If not required, the SOAPAction attribute should be disabled. If needed, the operation within the SOAPAction and the SOAP body should always be compared before executing any operation. Any mismatch should be regarded as an attack.
- Other info
- An unintended SOAP operation was executed by the server.