External Entity Attack
|Attack Pattern ID: 201 (Standard Attack Pattern Completeness: Stub)||Typical Severity: Medium||Status: Draft|
An attacker creates an XML document that carries an external entity reference. External entity references are declared in a DTD with <!ENTITY name SYSTEM "uri">, and the declaration can sit in the document's own internal DTD subset, so no separate DTD file is needed. Because many processors resolve external entities without validating the document, nothing checks what the referenced URI points to; the processor simply opens it when the entity is referenced. This lets an attacker make the target open arbitrary files or network connections. For example, a DTD that declares an entity with the system identifier /dev/tty would cause the processor to attempt to open the /dev/tty device.
The target must resolve external entity references without checking what the referenced URI points to.
The attacker must be able to trick the target into loading an XML document that contains a crafted external entity reference.
Configure the XML processor to retrieve external entities only from trusted sources or, where the application does not need them, disable external entity resolution entirely (general and parameter entities alike). Check the parser's default rather than assuming it is safe; some parsers resolve external entities unless explicitly told not to.
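The following is an added example, not part of the CAPEC entry, showing both the mechanism in the description and the mitigation above. It uses Python's xml.sax expat-based reader, which resolves external general entities only when the feature_external_ges feature is enabled. A constructed document declares an external entity in its internal DTD subset and is parsed three ways: with resolution off (the default), with resolution on, and with resolution on but an entity resolver that refuses every external reference. A temporary file stands in for /dev/tty so the script runs unattended; the class and function names are the example's own.

```python
"""Added example: external entity resolution in Python's xml.sax reader.
Not part of the CAPEC entry; names and sample document are constructed."""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler, EntityResolver


class TextCollector(ContentHandler):
    """Collects character data so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


class RecordingResolver(EntityResolver):
    """Records every system identifier the parser asks to open, then lets
    resolution proceed by returning the identifier unchanged."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        return systemId


class RefusingResolver(EntityResolver):
    """Hardened resolver: refuse every external entity before it is opened."""

    def resolveEntity(self, publicId, systemId):
        raise ValueError("refusing external entity: %r" % (systemId,))


def build_document(target):
    """Constructed attacker document. The internal DTD subset declares an
    external general entity whose SYSTEM identifier is `target` (the CAPEC
    text uses /dev/tty) and the body references it."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE data [\n"
        '  <!ENTITY ext SYSTEM "%s">\n'
        "]>\n"
        "<data>&ext;</data>\n" % target
    ).encode("utf-8")


def parse_text(doc, allow_external, resolver):
    """Parse `doc` and return its character data; `allow_external`
    toggles xml.sax's feature_external_ges (off by default)."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, allow_external)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.setEntityResolver(resolver)
    parser.parse(io.BytesIO(doc))
    return "".join(collector.chunks)


def run_demo():
    # A temporary file stands in for /dev/tty so the demo runs unattended.
    fd, target = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write("secret-token-123")
    try:
        doc = build_document(target)

        # 1. Default: external general entities are not resolved. The
        #    reference expands to nothing and the resolver is never consulted.
        off = RecordingResolver()
        text_off = parse_text(doc, False, off)

        # 2. Feature enabled: the parser opens `target` and splices its
        #    contents into the document, exactly the attack described above.
        on = RecordingResolver()
        text_on = parse_text(doc, True, on)

        # 3. Feature enabled but every external reference is refused: the
        #    open attempt is stopped before any file or connection is touched.
        refused = False
        try:
            parse_text(doc, True, RefusingResolver())
        except ValueError:
            refused = True

        return {
            "target": target,
            "text_disabled": text_off,
            "requested_disabled": off.requested,
            "text_enabled": text_on,
            "requested_enabled": on.requested,
            "refused": refused,
        }
    finally:
        os.unlink(target)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print("%-20s %r" % (key, value))
```

The refusing resolver is the belt-and-braces form of the mitigation: even if a later configuration change re-enables external entities, nothing outside the document is ever opened. Other parsers expose the same two controls under different names (a feature flag that disables resolution and a resolver hook that decides what may be fetched); the test is the same in each case, a document with an external entity whose target you control, parsed with the production configuration.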
|Vulnerability ID||Relationship Description|
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
|Nature||Type||ID||Name||Description||View(s) this relationship pertains to|
|ChildOf||Category||278||Web Services Protocol Manipulation||||Mechanism of Attack (primary) 1000|