CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-776 Medium
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Weakness Name
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
- Description
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.
- Common Consequences
Scope: Availability
Impact: DoS: Resource Consumption (Other)
Notes: If parsed, recursive entity references allow the attacker to expand data exponentially, quickly consuming all system resources.
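One way to apply the restriction the description calls for is to compute, before parsing, how large the declared entities would become. The following is an added example, not part of the CWE entry: the names `expansion_size` and `EntityBudgetExceeded` and the default budget are assumptions, and it covers internal general entities only.

```python
import re

# Internal general entities only: <!ENTITY name "value"> (assumption of this sketch;
# parameter and external entities need separate handling).
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.\-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}

class EntityBudgetExceeded(ValueError):
    """Raised when entities are recursive or would expand past the budget."""

def expansion_size(xml_text, max_chars=1_000_000):
    """Return the character count the body's entity references would expand to,
    computed arithmetically so the expanded text is never built in memory."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, value)          # first declaration is binding in XML
    sizes, in_progress = {}, set()

    def size(name):
        if name in PREDEFINED:
            return 1
        if name not in decls:
            return 0                            # undeclared: the real parser rejects it
        if name in sizes:
            return sizes[name]
        if name in in_progress:
            raise EntityBudgetExceeded(f"recursive entity reference: {name}")
        in_progress.add(name)
        total = len(ENTITY_REF.sub("", decls[name]))   # literal characters
        for ref in ENTITY_REF.findall(decls[name]):
            total += size(ref)
            if total > max_chars:
                raise EntityBudgetExceeded(f"entity {name} exceeds {max_chars} chars")
        in_progress.discard(name)
        sizes[name] = total
        return total

    body = xml_text.split("]>", 1)[-1]          # text after the internal DTD subset
    try:
        total = sum(size(ref) for ref in ENTITY_REF.findall(body))
    except RecursionError:
        raise EntityBudgetExceeded("entity nesting too deep") from None
    if total > max_chars:
        raise EntityBudgetExceeded(f"document expands to {total} chars")
    return total

# Constructed sample: three nesting levels, 4 -> 12 -> 36 characters.
SAMPLE = ('<!DOCTYPE d [ <!ENTITY a "xxxx"> <!ENTITY b "&a;&a;&a;"> '
          '<!ENTITY c "&b;&b;&b;"> ]><d>&c;</d>')
```

Run this check on untrusted input before handing it to the XML parser, and reject the document when `EntityBudgetExceeded` is raised. Where the application does not need DTDs at all, disabling DTD processing in the parser is the simpler control.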
- Release Date: 2009-07-27
- Latest Modification Date: 2023-06-29