Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
An adversary exploits a few properties of XML (substitution entities and inline DTDs) to cause a denial of service: the parser allocates excessive memory while fully expanding the entity references in the document. The resulting denial of service can cause the application to freeze or crash.
In this example the attacker defines one large entity and refers to it many times.
<!DOCTYPE bomb [
<!ENTITY x "AAAAA ... [100K of them] ... AAAAA">
]>
<bomb>&x;&x;&x; ... [100K of them] ... &x;&x;&x;</bomb>
This results in a relatively small message of about 100 KB that expands, once the parser substitutes every reference, to a message in the GB range.
Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.
Implementation: Disable the use of inline DTD schemas in your XML parsing objects altogether. If a DTD must be used, normalize, filter and whitelist the input, and parse with methods and routines that detect entity expansion from untrusted sources.
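The following is an added example, not part of the CAPEC entry, showing one way to apply the implementation mitigation in Python's standard-library expat bindings: the parser refuses any DOCTYPE or entity declaration before expansion can begin. The documents, the element/character counts and the function names are constructed for illustration.

```python
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when untrusted input carries an inline DTD or entity declaration."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML from an untrusted source, refusing inline DTDs and entity
    declarations before any expansion happens. Returns simple statistics
    (element count, total character data length) for the accepted document."""
    parser = xml.parsers.expat.ParserCreate()
    stats = {"elements": 0, "chars": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Any DOCTYPE is refused: the internal subset is exactly where the
        # substitution entities of this attack pattern are declared.
        raise UnsafeXMLError(f"DOCTYPE '{name}' not permitted in untrusted input")

    def on_entity_decl(*args):
        # Defence in depth: even an entity declared some other way is refused.
        raise UnsafeXMLError("entity declaration not permitted in untrusted input")

    def on_start(name, attrs):
        stats["elements"] += 1

    def on_chars(text):
        stats["chars"] += len(text)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    parser.Parse(data, True)  # exceptions raised in handlers propagate here
    return stats


def rejects(data: bytes) -> bool:
    """True if the hardened parser refuses the document."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed inputs: a harmless document and a miniature of the pattern above
# (one entity, referred to many times). The miniature is never expanded because
# the DOCTYPE handler raises before the parser reaches the references.
SAFE_DOC = b"<order><item>widget</item><qty>2</qty></order>"
ENTITY_DOC = (b'<!DOCTYPE bomb [<!ENTITY x "' + b"A" * 1000 + b'">]>'
              b"<bomb>" + b"&x;" * 1000 + b"</bomb>")
```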