logo

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-776 Medium

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Description

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.

Common Consequences

Scope: Availability

Impact: DoS: Resource Consumption (Other)

Notes: If parsed, recursive entity references allow the attacker to expand data exponentially, quickly consuming all system resources.

Related Weaknesses
Related Alerts
  • Release Date:
  • 2009-07-27
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website