CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Status
draft
Abstraction
base
Affected Platforms
Not Language-Specific
XML
Not Technology-Specific
Web Based
Common Consequences
confidentiality
integrity
availability
Impacts
read application data
read files or directories
bypass protection mechanism
dos: resource consumption (cpu)
dos: resource consumption (memory)
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
system configuration
Descriptions:
• Many XML parsers and validators can be configured to disable external entity expansion.
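As an added illustration of that mitigation (example code, not part of the CWE entry), the following uses only Python's standard-library SAX parser: it switches off resolution of external general and parameter entities, then parses a constructed document whose entity points at a file on disk and checks that nothing from that file reaches the output. The document, the temporary file, the secret value and the function names are all constructed for this example; the optional DOCTYPE rejection in parse_untrusted is an assumption that goes further than the CWE text, since refusing any DTD also removes the internal-entity expansion behind the CPU/memory consequences listed above.

```python
"""Added example (not from the CWE entry): parse untrusted XML with external
entity expansion disabled, using only Python's standard-library SAX parser.
Every name, path and document below is constructed for this illustration."""
import io
import os
import re
import tempfile
import xml.sax
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Accumulates the character data the parser delivers for the document."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def make_hardened_parser():
    """SAX parser configured so that neither general nor parameter entities
    with external system identifiers are ever fetched."""
    parser = xml.sax.make_parser()
    # Set both features explicitly instead of trusting the library default,
    # which has changed between Python releases.
    parser.setFeature(handler.feature_external_ges, False)
    parser.setFeature(handler.feature_external_pes, False)
    return parser


_DOCTYPE_RE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)


def has_doctype(xml_bytes):
    """True when the document carries a DTD, the only place entities can be declared."""
    return _DOCTYPE_RE.search(xml_bytes) is not None


def parse_untrusted(xml_bytes, reject_dtd=False):
    """Return the character content of an untrusted XML document.

    reject_dtd=True is an assumption of this example that goes beyond the CWE
    mitigation text: refusing any DOCTYPE also blocks internal-entity expansion
    (the CPU/memory exhaustion listed under Impacts), not just external fetches.
    """
    if reject_dtd and has_doctype(xml_bytes):
        raise ValueError("DTD not permitted in untrusted input")
    parser = make_hardened_parser()
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def build_sample(secret_path):
    """Constructed input of the kind CWE-611 describes: an entity whose URI
    points at a file outside the application's intended sphere of control."""
    uri = "file://" + secret_path
    return (
        b'<?xml version="1.0"?>\n'
        b'<!DOCTYPE note [<!ENTITY ext SYSTEM "' + uri.encode() + b'">]>\n'
        b"<note>hello &ext; world</note>\n"
    )


def demo():
    """Run the hardened parser over the constructed document and report whether
    the referenced file's contents reached the output."""
    secret = "CONSTRUCTED-SECRET-VALUE"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(secret)
        secret_path = fh.name
    try:
        doc = build_sample(secret_path)
        text = parse_untrusted(doc)  # hardened parse: entity contributes nothing
        try:
            parse_untrusted(doc, reject_dtd=True)
            rejected = False
        except ValueError:
            rejected = True
        return {"text": text, "leaked": secret in text, "rejected_with_dtd": rejected}
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    print(demo())
```

The two setFeature calls are the whole mitigation; make_hardened_parser is the kind of single constructor an application should route every untrusted parse through, so the setting cannot be forgotten at one call site. The DOCTYPE check is worth keeping when the application never legitimately receives DTDs, because it also rejects documents built to exhaust CPU or memory through nested internal entities.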