Statements (119)
Predicate | Object |
---|---|
gptkbp:instance_of | gptkb:Common_Weakness_Enumeration |
gptkbp:bfsLayer | 6 |
gptkbp:bfsParent | gptkb:CWE-200, gptkb:CWE-23 |
gptkbp:category | Input Validation and Representation |
gptkbp:consequences | Data loss, Data corruption, Denial of service, Information disclosure |
gptkbp:difficulty | gptkb:High |
gptkbp:discovered_by | Penetration testing, Static analysis, Dynamic analysis, Manual code review |
gptkbp:enemy | gptkb:television_channel |
gptkbp:example | An attacker can send a specially crafted XML document to a vulnerable application. |
gptkbp:game_components | Web applications, XML parsers, APIs |
gptkbp:has_weakness | gptkb:CWE-74, gptkb:CWE-20, CWE-XML Injection |
https://www.w3.org/2000/01/rdf-schema#label | CWE-611 |
gptkbp:impact | Data exposure |
gptkbp:is_described_as | A weakness that allows an attacker to interfere with the processing of XML data. |
gptkbp:is_protected_by | Use a safe XML parser. |
gptkbp:is_referenced_in | OWASP XML External Entity (XXE) Prevention Cheat Sheet |
gptkbp:is_vulnerable_to | gptkb:High |
gptkbp:name | XML External Entity (XXE) Injection |
gptkbp:related_to | gptkb:CWE-22, gptkb:CWE-601, gptkb:CWE-703, gptkb:CWE-327, gptkb:CWE-611, gptkb:CWE-918, gptkb:CWE-125, CWE-915, CWE-917, CWE-919, CWE-920, CWE-921, CWE-922, CWE-923, CWE-924, CWE-925, CWE-926, CWE-927, CWE-928, CWE-929, CWE-930, CWE-931, CWE-932, CWE-933, CWE-934, CWE-935, CWE-936, CWE-937, CWE-938, CWE-939, CWE-940, CWE-941, CWE-942, CWE-943, CWE-944, CWE-945, CWE-946, CWE-947, CWE-948, CWE-949, CWE-950, CWE-951, CWE-952, CWE-953, CWE-954, CWE-955, CWE-956, CWE-957, CWE-958, CWE-959, CWE-960, CWE-961, CWE-962, CWE-963, CWE-964, CWE-965, CWE-966, CWE-967, CWE-968, CWE-969, CWE-970, CWE-971, CWE-972, CWE-973, CWE-974, CWE-975, CWE-976, CWE-977, CWE-978, CWE-979, CWE-980, CWE-981, CWE-982, CWE-983, CWE-984, CWE-985, CWE-986, CWE-987, CWE-988, CWE-989, CWE-990, CWE-991, CWE-992, CWE-993, CWE-994, CWE-995, CWE-996, CWE-997, CWE-998, CWE-999 |