CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Description
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-197
CVEs mapped to this weakness (58)
page 3 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32623 | | | 0.00 | — | 0.01 | | Jun 15, 2021 | Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially… |
| CVE-2021-23926 | | | 0.00 | — | 0.06 | | Jan 14, 2021 | The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. |
| CVE-2020-2172 | | | 0.00 | — | 0.01 | | Apr 7, 2020 | Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2012-6685 | | — | 0.00 | — | 0.02 | | Feb 19, 2020 | Nokogiri before 1.5.4 is vulnerable to XXE attacks |
| CVE-2020-5227 | | | 0.00 | — | 0.02 | | Jan 28, 2020 | Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is… |
| CVE-2017-18640 | | — | 0.00 | — | 0.27 | | Dec 12, 2019 | The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. |
| CVE-2019-8126 | | | 0.00 | — | 0.01 | | Nov 5, 2019 | An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow… |
| CVE-2013-6461 | | — | 0.00 | — | 0.02 | | Nov 5, 2019 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits |
| CVE-2013-6460 | | — | 0.00 | — | 0.02 | | Nov 5, 2019 | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents |
| CVE-2019-15160 | | — | 0.00 | — | 0.02 | | Aug 19, 2019 | The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD. |
| CVE-2019-5442 | | — | 0.00 | — | 0.01 | | Jun 12, 2019 | XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that… |
| CVE-2019-5427 | | | 0.00 | — | 0.05 | | Apr 22, 2019 | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. |
| CVE-2015-5161 | | | 0.00 | — | 0.10 | | Aug 25, 2015 | The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML… |
| CVE-2014-2683 | | | 0.00 | — | 0.02 | | Nov 16, 2014 | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon… |
| CVE-2014-2682 | | | 0.00 | — | 0.02 | | Nov 16, 2014 | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon… |
| CVE-2014-1868 | | | 0.00 | — | 0.01 | | Oct 6, 2014 | Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack. |
| CVE-2012-6532 | | | 0.00 | — | 0.02 | | Feb 13, 2013 | (1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE… |
| CVE-2012-6531 | | | 0.00 | — | 0.03 | | Feb 13, 2013 | (1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a… |