CWE-611 Individual Dictionary Definition (Draft 9)
Weakness ID: 611 (Weakness Variant)
Status: Draft

Description

Summary: The product processes an XML document that can contain XML entities with URLs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Extended Description: XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of "XML entities". It is possible to define an entity locally by providing a substitution string in the form of a URL whose content is substituted for the XML entity when the DTD is processed. The attack can be launched by defining an XML entity whose content is a file URL (which, when processed by the receiving end, is mapped into a file on the server), embedding it in the XML document, and thus feeding it to the processing application. This application may echo back the data (e.g. in an error message), thereby exposing the file contents.

Observed Examples

| Reference | Description |
|---|---|
| CVE-2005-1306 | A browser control can allow remote attackers to determine the existence of files via JavaScript containing XML script, aka the "XML External Entity vulnerability." |

Context Notes: Note that a URL can use non-HTTP schemes; in particular, a URL such as "file:///c:/winnt/win.ini" designates (on Windows) the file C:\Winnt\win.ini. Similarly, a URL can be used to designate any file on any drive.

Relationships

Source Taxonomies: Anonymous Tool Vendor (under NDA)
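
The Extended Description and Context Notes above, turned into a parser-side check: this is an added example, not part of the CWE entry, using Python's standard `xml.parsers.expat`. It refuses any entity whose replacement text lives at a URL and, going slightly beyond the entry, also any external DTD subset. The names `parse_untrusted`, `ExternalEntityError`, `is_rejected` and the sample documents are constructed for illustration.

```python
import xml.parsers.expat

class ExternalEntityError(ValueError):
    """The document declares an entity or DTD subset that lives at a URL."""

def parse_untrusted(data: bytes) -> list:
    """Return element names in document order; reject external entities."""
    parser = xml.parsers.expat.ParserCreate()
    names = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE x SYSTEM "url"> would pull the DTD itself from a URL.
        if system_id is not None or public_id is not None:
            raise ExternalEntityError(f"external DTD subset: {system_id!r}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry their text in `value`; external ones (parsed
        # or unparsed) have value=None and the URL (file:, http:, ...) in system_id.
        if value is None:
            raise ExternalEntityError(f"external entity {name!r}: {system_id!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return names

# Constructed sample inputs (the file URL is the one quoted in Context Notes).
BENIGN = b"<order><item>book</item></order>"
INTERNAL = b'<!DOCTYPE order [<!ENTITY co "ACME">]><order><item>&co;</item></order>'
EXTERNAL = (b'<!DOCTYPE order [<!ENTITY ref SYSTEM "file:///c:/winnt/win.ini">]>'
            b"<order><item>&ref;</item></order>")

def is_rejected(data: bytes) -> bool:
    """True if the guard refuses the document because of an external reference."""
    try:
        parse_untrusted(data)
    except ExternalEntityError:
        return True
    return False

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("internal", INTERNAL), ("external", EXTERNAL)):
        print(label, "rejected" if is_rejected(doc) else "accepted")
```

The check fires at declaration time, so the document is refused before any entity reference is expanded and no URL is ever dereferenced.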