VYPR

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Base | Draft | Likelihood: Medium

Description

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-197

CVEs mapped to this weakness (58)

page 3 of 3
  • CVE-2021-32623 (Jun 15, 2021)
    risk 0.00 | cvss | epss 0.01

    Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially…

  • CVE-2021-23926 (Jan 14, 2021)
    risk 0.00 | cvss | epss 0.06

    The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

  • CVE-2020-2172 (Apr 7, 2020)
    risk 0.00 | cvss | epss 0.01

    Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2012-6685 (Feb 19, 2020)
    risk 0.00 | cvss | epss 0.02

    Nokogiri before 1.5.4 is vulnerable to XXE attacks.

  • CVE-2020-5227 (Jan 28, 2020)
    risk 0.00 | cvss | epss 0.02

    Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is…

  • CVE-2017-18640 (Dec 12, 2019)
    risk 0.00 | cvss | epss 0.27

    The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

  • CVE-2019-8126 (Nov 5, 2019)
    risk 0.00 | cvss | epss 0.01

    An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow…

  • CVE-2013-6461 (Nov 5, 2019)
    risk 0.00 | cvss | epss 0.02

    Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits.

  • CVE-2013-6460 (Nov 5, 2019)
    risk 0.00 | cvss | epss 0.02

    Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents.

  • CVE-2019-15160 (Aug 19, 2019)
    risk 0.00 | cvss | epss 0.02

    The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.

  • CVE-2019-5442 (Jun 12, 2019)
    risk 0.00 | cvss | epss 0.01

    XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that…

  • CVE-2019-5427 (Apr 22, 2019)
    risk 0.00 | cvss | epss 0.05

    c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

  • CVE-2015-5161 (Aug 25, 2015)
    risk 0.00 | cvss | epss 0.10

    The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML…

  • CVE-2014-2683 (Nov 16, 2014)
    risk 0.00 | cvss | epss 0.02

    Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon…

  • CVE-2014-2682 (Nov 16, 2014)
    risk 0.00 | cvss | epss 0.02

    Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon…

  • CVE-2014-1868 (Oct 6, 2014)
    risk 0.00 | cvss | epss 0.01

    Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.

  • CVE-2012-6532 (Feb 13, 2013)
    risk 0.00 | cvss | epss 0.02

    (1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE…

  • CVE-2012-6531 (Feb 13, 2013)
    risk 0.00 | cvss | epss 0.03

    (1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a…