General Information

XML External Entity Processing

Variants:
Direct 

Also Known As:
XML DTD External Entity Attack, XML DTD Injection

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application, Web Service

Affected Mechanisms:
Scheme Validation

Invented In:
29/10/2002

Added In:
25/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious input can cause the application's XML parser to open arbitrary internal files or TCP connections.


Direct Variant:

XXE

Also Known As:
XML External Entity Processing

Typical Severity:
Major
