
CAPEC-228: DTD Injection

Abstraction
Detailed
Status
Draft
Severity
Medium

Description

An attacker injects malicious content into an application's DTD in an attempt to produce a negative technical impact. DTDs are used to describe how XML documents are processed. Certain malformed DTDs (for example, those with excessive entity expansion as described in CAPEC-197) can cause the XML parsers that process the DTDs to consume excessive resources, resulting in resource depletion.
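A defensive check for the pattern described above, as an added example that is not part of the CAPEC entry: the parser refuses any input that declares its own DTD, so no externally supplied entity definitions are registered or expanded. The names `parse_without_dtd` and `DTDForbidden` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when an input document carries its own DOCTYPE declaration."""


def parse_without_dtd(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, rejecting any document with a DTD.

    expat calls the DOCTYPE handler as soon as it sees '<!DOCTYPE name',
    before the internal subset is read, so raising there stops the parse
    before any entity declaration in the DTD is processed.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} is not allowed in untrusted input")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return builder.close()


# Constructed sample inputs: one plain document, one that brings its own DTD.
BENIGN = b"<order><item>widget</item></order>"
WITH_DTD = (
    b'<!DOCTYPE order [<!ENTITY note "injected">]>'
    b"<order><item>&note;</item></order>"
)

if __name__ == "__main__":
    print(parse_without_dtd(BENIGN).find("item").text)
    try:
        parse_without_dtd(WITH_DTD)
    except DTDForbidden as exc:
        print("rejected:", exc)
```
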

Related weaknesses · 1

CWE-829

Related attack patterns · 3

CAPEC-250 (ChildOf)
CAPEC-197 (CanPrecede)
CAPEC-491 (CanPrecede)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Inclusion of Functionality from Untrusted Control Sphere (cwe-829) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: XML Injection
CAPEC: DEPRECATED: DTD Injection in a SOAP Message
CAPEC: Data Serialization External Entities Blowup
CAPEC: XML Schema Poisoning
CAPEC: XML Flood
CAPEC: Resource Injection

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.