CWE-611 (Improper Restriction of XML External Entity Reference)

GPTKB entity

Statements (22)
Predicate                                     Object
gptkbp:instanceOf                             gptkb:Common_Weakness_Enumeration
gptkbp:affects                                Web Applications
                                              XML Parsers
gptkbp:alsoKnownAs                            XXE
gptkbp:category                               Software Weakness
gptkbp:cause                                  gptkb:Denial_of_Service
                                              gptkb:Server_Side_Request_Forgery
                                              Remote Code Execution
                                              Information Disclosure
gptkbp:citation                               https://cwe.mitre.org/data/definitions/611.html
gptkbp:describes                              The software processes an XML document that can contain XML entities with URIs that resolve to external resources, without properly restricting the entities.
gptkbp:example                                Parsing untrusted XML with external entity references enabled
https://www.w3.org/2000/01/rdf-schema#label   CWE-611 (Improper Restriction of XML External Entity Reference)
gptkbp:name                                   Improper Restriction of XML External Entity Reference
gptkbp:prevention                             Disable external entity processing in XML parsers
                                              Use less complex data formats
                                              Validate and sanitize XML input
gptkbp:relatedTo                              CVE vulnerabilities
                                              OWASP Top 10 A4:2017 (XML External Entities)
gptkbp:vulnerableTo                           gptkb:CWE-611
gptkbp:bfsParent                              gptkb:Common_Weakness_Enumeration_(CWE)
gptkbp:bfsLayer                               7