HawkScan Test Info for SOAP Action Spoofing

SOAP Action Spoofing


Plugin Id: 90026


To remediate the vulnerability of “SOAP Action Spoofing” and prevent unintended SOAP operations from being executed by the server, the following steps can be taken:

  1. Validate SOAP Action header: Implement strict validation of the SOAP Action header to ensure that only authorized SOAP operations are allowed. This can be done by comparing the received SOAP Action header value with a whitelist of allowed SOAP actions. Any SOAP Action header that does not match the whitelist should be rejected.

    Example configuration in Java using Apache CXF:

    // Define a whitelist of allowed SOAP actions
    List<String> allowedActions = Arrays.asList("GetUserInfo", "UpdateUser");
    // Validate SOAP Action header
    if (!allowedActions.contains(request.getSOAPAction())) {
        throw new SOAPFaultException("Invalid SOAP Action");
  2. Implement strong authentication and authorization: Ensure that only authenticated and authorized users are allowed to perform SOAP operations. This can be achieved by implementing a robust authentication mechanism, such as username/password authentication or token-based authentication, and enforcing proper authorization checks before executing any SOAP operation.

    Example configuration in ASP.NET Web API:

    // Apply authentication and authorization filters to SOAP operations
    public class UserController : ApiController
        public IHttpActionResult UpdateUser(User user)
            // Perform update operation
            // ...
  3. Regularly update and patch SOAP server: Keep the SOAP server software up to date with the latest security patches and updates. This helps to address any known vulnerabilities and ensures that the server is protected against potential exploits.


The vulnerability of “SOAP Action Spoofing” occurs when an unintended SOAP operation is executed by the server. This can happen when an attacker manipulates the SOAP Action header to trick the server into performing an unauthorized or unintended operation. By exploiting this vulnerability, an attacker may be able to gain unauthorized access to sensitive data, modify data, or perform other malicious actions on the server.


The risks associated with the vulnerability of “SOAP Action Spoofing” include:

  • Unauthorized access: Attackers can exploit this vulnerability to gain unauthorized access to sensitive data or functionality exposed by the SOAP server.
  • Data manipulation: By tricking the server into performing unintended SOAP operations, attackers can modify data stored on the server, potentially leading to data corruption or integrity issues.
  • Server compromise: If an attacker successfully exploits this vulnerability, they may be able to compromise the entire SOAP server, gaining control over its resources and potentially launching further attacks on other systems connected to the server.