Base · Draft

CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Category: other

Description

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities. If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.

Common consequences · 1

  • Availability — DoS: Resource Consumption (Other)
    If parsed, recursive entity references allow the attacker to expand data exponentially, quickly consuming all system resources.

Potential mitigations · 2

  • [Operation] If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities.
  • [Implementation] Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content.
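
One way to implement the pre-parse scan from the second mitigation, as an added example that is not part of the MITRE entry: it computes each entity's fully expanded length arithmetically, without ever expanding it, and refuses documents whose entities are cyclic or exceed a budget. The function names and the limits (500 declarations, 1,000,000 characters) are assumptions chosen for illustration.

```python
import re

# General internal entity declarations only: <!ENTITY name "value">.
# Parameter (%) and external (SYSTEM/PUBLIC) entities are out of scope here.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([^\s%"\'>]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([^\s;&#]+);')

class RecursiveEntityError(ValueError):
    """An entity refers to itself, directly or through other entities."""

def entity_sizes(xml_text, max_entities=500):
    """Return {entity name: fully expanded length}, computed without expanding."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        decls.setdefault(m.group(1), value)  # the first declaration of a name wins
    if len(decls) > max_entities:  # also bounds the recursion depth below
        raise ValueError("too many entity declarations")
    sizes, visiting = {}, set()

    def size(name):
        if name in sizes:
            return sizes[name]
        if name in visiting:
            raise RecursiveEntityError(f"entity {name!r} is defined in terms of itself")
        visiting.add(name)
        value = decls[name]
        total = len(ENTITY_REF.sub("", value))  # literal text between references
        for ref in ENTITY_REF.findall(value):
            total += size(ref) if ref in decls else 1  # not declared here (e.g. &amp;)
        visiting.discard(name)
        sizes[name] = total
        return total

    for name in decls:
        size(name)
    return sizes

def is_explosive(xml_text, max_chars=1_000_000):
    """True if the document should be refused before it reaches the XML parser."""
    try:
        return any(n > max_chars for n in entity_sizes(xml_text).values())
    except ValueError:  # cycle or too many declarations
        return True

# Constructed sample: three levels of nesting, each referencing the previous ten times.
NESTED = ('<!DOCTYPE r [<!ENTITY a "aaaaaaaaaa">'
          '<!ENTITY b "' + "&a;" * 10 + '"><!ENTITY c "' + "&b;" * 10 + '">]><r>&c;</r>')
```

A scan like this is a heuristic layered in front of the parser; where DTDs are not needed, the first mitigation (prohibiting them outright) removes the problem at its source.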

Related CAPEC attack patterns · 1

CAPEC-197

References

  1. https://cwe.mitre.org/data/definitions/776.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Exponential Data Expansion (capec-197) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Restriction of XML External Entity Reference
  • CWE: Improper Control of Document Type Definition
  • CWE: Improper Neutralization of Data within XPath Expressions ('XPath Injection')
  • CWE: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
  • CWE: Improper Handling of Invalid Use of Special Elements
  • CWE: XML Injection (aka Blind XPath Injection)

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.