XML External Entity Attack
- Risk: High
- Type: Active
- CWE: CWE-611
- Summary
This technique takes advantage of a feature of XML that builds documents dynamically at processing time. An XML message can provide data either explicitly or by pointing to a URI where the data exists. In the attack, external entities may replace the entity value with malicious data or alternate referrals, or may compromise the security of the data the server or XML application has access to.
Attackers may also use external entities to have the web services server download malicious code or content to the server for use in secondary or follow-on attacks.
- Solution
XML External Entities vulnerabilities arise because the application's XML parsing library supports potentially dangerous XML features. To prevent them, disable the resolution of external entities and the support for XInclude.
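One way to apply this in Python's standard library, shown as an added example that is not part of the original advisory: it takes the stricter route of refusing any document that declares a DTD, declares or references an entity, or contains an XInclude element, instead of parsing it with those features ignored. The names `parse_untrusted` and `ForbiddenXML` and the sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

XINCLUDE_NS = "http://www.w3.org/2001/XInclude"

# Constructed sample inputs (placeholders, not taken from the advisory).
PLAIN_DOC = b"<order><id>42</id></order>"
XXE_DOC = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY x SYSTEM '
           b'"file:///constructed/placeholder">]><r>&x;</r>')
XINCLUDE_DOC = (b'<r xmlns:xi="http://www.w3.org/2001/XInclude">'
                b'<xi:include href="placeholder.xml"/></r>')


class ForbiddenXML(ValueError):
    """The document uses a feature this parser refuses to process."""


def _refuse(what):
    def handler(*_args):
        raise ForbiddenXML(what)
    return handler


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source; reject DTDs, entities and XInclude."""
    scan = expat.ParserCreate(namespace_separator=" ")
    scan.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    scan.StartDoctypeDeclHandler = _refuse("DOCTYPE declaration")
    scan.EntityDeclHandler = _refuse("entity declaration")
    scan.ExternalEntityRefHandler = _refuse("external entity reference")

    def start_element(name, _attrs):
        # With namespace processing on, expat reports names as "<uri> <local>".
        if name.startswith(XINCLUDE_NS + " "):
            raise ForbiddenXML("XInclude element")

    scan.StartElementHandler = start_element
    try:
        scan.Parse(data, True)
    except expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    # Only documents that passed the scan reach the tree builder.
    return ET.fromstring(data)


if __name__ == "__main__":
    print(parse_untrusted(PLAIN_DOC).find("id").text)
```

Rejecting the DOCTYPE outright also blocks entity-expansion attacks that rely on internal entities, at the cost of refusing legitimate documents that carry a DTD.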
- References
https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html