AVDL XML Schema. From the source, referenced in the 19-May-2003 posting from Kevin Heineman.
Date: 19-May-2003.
<-- The purpose of this schema is to document a standard XML format to describe web application security vulnerabilities. Comments and suggestions should be sent to the OASIS AVDL Technical Committee at AVDL@lists.oasis-open.org or emailed directly to spilabs@spidynamics.com. 2003 All rights reserved. -->
<?xml version = "1.0" ?> <xs:schema xmlns:xs = "http://www.w3.org/2001/XMLSchema"> <xs:element name = "VulnerableSessions" > <xs:complexType> <xs:sequence> <xs:element name = "Session" type = "SessionDetailsType" minOccurs = 0 maxOccurs = "unbounded" /> </xs:sequence> </xs:complexType> </element> <xs:complexType name = "SessionDetailsType" > <xs:sequence> <xs:element name = "URL" type = "xs:string" /> <xs:element name = "Scheme" type = "xs:string" /> <xs:element name = "Host" type = "xs:string" /> <xs:element name = "Port" type = "xs:unsignedLong" /> <xs:element name = "HTTPRequest" type = "HTTPRequestType" /> <xs:element name = "HTTPResponse" type = "HTTPResponseType" /> <xs:element name = "VulnerabilityList" type = "VulnerabilityListType" /> </xs:sequence> </xs:complexType> <xs:complexType name = "HTTPRequestType" > <xs:sequence> <xs:element name = "Method" type = "xs:string" /> <xs:element name = "Path" type = "xs:string" /> <xs:element name = "File" type = "xs:string" /> <xs:element name = "Ext" type = "xs:string" /> <xs:element name = "PageMark" type = "xs:string" /> <xs:element name = "HTTPVersion" type = "xs:string" /> <xs:element name = "Headers" type = "HeaderListType" /> <xs:element name = "FullCookie" type = "xs:string" /> <xs:element name = "Cookies" type = "CookieListType" /> <xs:element name = "FullQuery" type = "xs:string" /> <xs:element name = "Queries" type = "QueryListType" /> <xs:element name = "FullPostData" type = "xs:string" /> <xs:element name = "PostDataItems" type = "PostDataListType" /> <xs:element name = "XMLPostData" type = "xs:string" /> </xs:sequence> </xs:complexType> <xs:complexType name = "HTTPResponseType" > <xs:sequence> <xs:element name = "HTTPVersion" type = "xs:string" /> <xs:element name = "StatusCode" type = "xs:string" /> <xs:element name = "StatusDescription" type = "xs:string" /> <xs:element name = "Headers" type = "HeaderListType" /> <xs:element name = "FullSetCookie" type = "xs:string" /> <xs:element name = "SetCookies" type = "CookieListType" /> <xs:element name = "ResponseBody" type = "xs:string" /> </xs:sequence> </xs:complexType> <xs:complexType name = "VulnerabilityListType" > <xs:sequence> <xs:element name = "Vulnerability" type = "VulnerabilityDetailType" minOccurs = 0 maxOccurs = "unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name = "HeaderListType" > <sequence> <xs:element name = "Header" type = "NameValuePairType" minOccurs = "0" maxOccurs = "unbounded" /> </sequence> </xs:complexType> <xs:complexType name = "CookieListType" > <sequence> <xs:element name = "Cookie" type = "xs:string" minOccurs = "0" maxOccurs = "unbounded" /> </sequence> </xs:complexType> <xs:complexType name = "QueryListType" > <sequence> <xs:element name = "Query" type = "NameValuePairType" minOccurs = "0" maxOccurs = "unbounded" /> </sequence> </xs:complexType> <xs:complexType name = "PostDataListType" > <sequence> <xs:element name = "Header" type = "NameValuePairType" minOccurs = "0" maxOccurs = "unbounded" /> </sequence> </xs:complexType> <xs:complexType name = "NameValuePairType" > <xs:sequence> <element name = "Name" type = "xs:string /> <element name = "Value" type = "xs:string /> </xs:sequence> </xs:complexType> <xs:complexType name = "VulnerabilityDetailType" > <xs:sequence> <xs:element name = "Name" type = "xs:string" /> <xs:element name = "Type" type = "xs:string" /> <xs:element name = "Methodology" type = "xs:string" /> <xs:element name = "VulnerabilityID" type = "xs:unsignedLong" /> <xs:element name = "Severity" type = "xs:integer" /> <xs:element name = "AttackHTTPRequest" type = "HTTPRequestType" /> <xs:element name = "Summary" type = "xs:string" /> <xs:element name = "Execution" type = "xs:string" /> <xs:element name = "Implication" type = "xs:string" /> <xs:element name = "Solution" type = "xs:string" /> <xs:element name = "References" type = "xs:string" /> </xs:sequence> </xs:complexType> </xs:schema>