Improper Restriction of XML External Entity Reference
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-611: Improper Restriction of XML External Entity Reference |
| OWASP | A04:2017 - XML External Entities (XXE) |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code enables external parameter entities in XML parsing, which makes the application vulnerable to XML External Entity (XXE) attacks. This happens when the parser is allowed to access external resources referenced in XML documents.
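An added Java example (not part of this rule page) showing the weak factory setting the rule flags next to a hardened `DocumentBuilderFactory`; the class name, method names and the sample XML strings are constructed for illustration:

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import java.io.StringReader;

public class XxeParserConfig {

    // Weak setting the rule flags: external parameter entities explicitly enabled,
    // so a DTD in untrusted input may pull in files or URLs from the server.
    static DocumentBuilder weakBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", true);
        return f.newDocumentBuilder();
    }

    // Hardened configuration: reject any DOCTYPE outright, and as defence in depth
    // disable both entity classes, external DTD loading, XInclude and entity expansion.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Parses the document and returns its root element name.
    static String parseRoot(DocumentBuilder b, String xml) throws Exception {
        Document d = b.parse(new InputSource(new StringReader(xml)));
        return d.getDocumentElement().getTagName();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a plain document with no DOCTYPE parses normally.
        System.out.println(parseRoot(hardenedBuilder(), "<order><id>42</id></order>"));
        // Constructed input carrying a harmless internal DOCTYPE: the hardened builder
        // rejects it before any entity is resolved, which is the behaviour we want.
        String withDoctype = "<!DOCTYPE order [<!ENTITY e \"x\">]><order>&e;</order>";
        try {
            parseRoot(hardenedBuilder(), withDoctype);
        } catch (SAXParseException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The feature URIs are the standard SAX/Xerces ones understood by the JDK's built-in parser; a third-party parser that does not support one of them throws `ParserConfigurationException`, which should be treated as a hard failure rather than ignored.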
Impact
If exploited, attackers could read sensitive files from the server, perform server-side request forgery (SSRF), or cause denial of service. This can lead to data breaches or allow attackers to interact with internal systems and resources.