SOAP Action Spoofing

Risk:
High

Type:
Active

Summary: An unintended SOAP operation was executed by the server.

Solution: If not required, the SOAPAction attribute should be disabled. If needed, the operation within the SOAPAction and the SOAP body should always be compared before executing any operation. Any mismatch should be regarded as an attack.

Other info: An unintended SOAP operation was executed by the server.

References: https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2012/07/11/camera-ready.pdf

Free security scan for your website

Don't show website scan report rating on the leaderboard