CAPEC-491 - XML Quadratic Expansion

An adversary exploits a few properties of XML(substitution entities and inline DTDs) to cause a denial of service situation due to excessive memory being allocated to fully expand the XML. The result of this denial of service could cause the application to freeze or crash.

Severity

Likelihood

Confidentiality

Integrity

Availability

This type of attack requires a server that accepts XML data and parses the data.

Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.
Implementation: Disable altogether the use of inline DTD schemas in your XML parsing objects. If must use DTD, normalize, filter and white list and parse with methods and routines that will detect entity expansion from untrusted sources.