CWE-611 (Improper Restriction of XML External Entity Reference)
GPTKB entity
Statements (22)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:affects |
Web Applications
XML Parsers |
| gptkbp:alsoKnownAs |
XXE
|
| gptkbp:category |
Software Weakness
|
| gptkbp:cause |
gptkb:Denial_of_Service
gptkb:Server_Side_Request_Forgery Remote Code Execution Information Disclosure |
| gptkbp:citation |
https://cwe.mitre.org/data/definitions/611.html
|
| gptkbp:describes |
The software processes an XML document that can contain XML entities with URIs that resolve to external resources, without properly restricting the entities.
|
| gptkbp:example |
Parsing untrusted XML with external entity references enabled
|
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-611 (Improper Restriction of XML External Entity Reference)
|
| gptkbp:name |
Improper Restriction of XML External Entity Reference
|
| gptkbp:prevention |
Disable external entity processing in XML parsers
Use less complex data formats Validate and sanitize XML input |
| gptkbp:relatedTo |
CVE vulnerabilities
OWASP Top 10 A4:2017 (XML External Entities) |
| gptkbp:vulnerableTo |
gptkb:CWE-611
|
| gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
| gptkbp:bfsLayer |
7
|