Threat Encyclopedia

Generic.XXE.Detection

description-logoDescription

This indicates a potential XML External Entity attack.
XXE (XML eXternal Entity) attack is a form of attack where applications that parse XML inputs fail to properly validate the inputs. An attacker may be able to exploit this on a vulnerable system to execute arbitrary code within the context of the application or gain unauthorized access to sensitive information.

affected-products-logoAffected Products

All web application environments that support XML are susceptible to this attack.

Impact

Remote attackers can execute arbitrary code or gain sensitive information.

recomended-action-logoRecommended Actions

Sanitize user inputs if possible or contact the vendor of the software for a solution or workaround.