Generic.XXE.Detection
Description
This indicates a potential XML External Entity attack.
XXE (XML eXternal Entity) attack is a form of attack where applications that parse XML inputs fail to properly validate the inputs. An attacker may be able to exploit this on a vulnerable system to execute arbitrary code within the context of the application or gain unauthorized access to sensitive information.
Affected Products
All web application environments that support XML are susceptible to this attack.
Impact
Remote attackers can execute arbitrary code or gain sensitive information.
Recommended Actions
Sanitize user inputs if possible or contact the vendor of the software for a solution or workaround.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |