Information Exposure Through XML External Entity Reference
Description
The product processes an XML document that can contain XML entities with URLs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Extended Description
XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of "XML entities". It is possible to define an entity locally by providing a substitution string in the form of a URL whose content is substituted for the XML entity when the DTD is processed. The attack can be launched by defining an XML entity whose content is a file URL (which, when processed by the receiving end, is mapped into a file on the server), that is embedded in the XML document, and thus, is fed to the processing application. This application may echo back the data (e.g. in an error message), thereby exposing the file contents.
Applicable Platforms
None
Time Of Introduction
Common Consequences
Detection Methods
None
Potential Mitigations
None
Relationships
Demonstrative Examples
None
Observed Examples
White Box Definitions
None
Black Box Definitions
None
Taxonomy Mappings
References: None
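The entity mechanism in the Extended Description can be checked for before an untrusted document reaches the application's real parser. The following is an added example, not part of the original entry: it uses Python's standard `xml.parsers.expat` module to list DTD and entity declarations without resolving any of them. The function names, the reject-any-DTD policy and both sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (kind, declared name, system identifier or "")

# Constructed sample inputs (not taken from the entry).
BENIGN = b"<order><item>widget</item></order>"
SUSPECT = (
    b'<?xml version="1.0"?>\n'
    b"<!DOCTYPE order [\n"
    b'  <!ENTITY ext SYSTEM "file:///path/to/local/file">\n'
    b"]>\n"
    b"<order><item>&ext;</item></order>"
)


def audit_xml(data: bytes) -> List[Finding]:
    """List DOCTYPE and entity declarations in `data`; nothing is fetched."""
    findings: List[Finding] = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id or ""))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Expat passes value=None for external entities; system_id is the URL.
        kind = "external-entity" if value is None else "internal-entity"
        findings.append((kind, name, system_id or ""))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is installed, so references such as &ext;
    # are skipped by expat instead of being resolved.
    parser.Parse(data, True)
    return findings


def is_acceptable(data: bytes) -> bool:
    """Assumed policy: untrusted input carries no DTD and must be well-formed."""
    try:
        return not audit_xml(data)
    except xml.parsers.expat.ExpatError:
        return False


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, is_acceptable(doc), audit_xml(doc))
```

A document that passes this check should still be handed to a parser configured with DTD processing and external entity resolution disabled, since the check is a pre-filter and not a replacement for parser hardening.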