CWE-776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

PUBLISHEDweakness recordMedium
released 2009-07-27 · last modified 2025-12-11

Metadata

CWE ID:
CWE-776
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2009-07-27
更新日期:
2025-12-11

名称

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

描述

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.

常见后果

范围:
Availability
影响:
DoS: Resource Consumption (Other)
注释:
If parsed, recursive entity references allow the attacker to expand data exponentially, quickly consuming all system resources.

相关 CWE

相关警报