Generic.XXE.Detection

description-logoDescription

This indicates a potential XML External Entity attack.
XXE (XML eXternal Entity) attack is a form of attack where applications that parse XML inputs fail to properly validate the inputs. An attacker may be able to exploit this on a vulnerable system to execute arbitrary code within the context of the application or gain unauthorized access to sensitive information.

affected-products-logoAffected Products

All web application environments that support XML are susceptible to this attack.

Impact logoImpact

Remote attackers can execute arbitrary code or gain sensitive information.

recomended-action-logoRecommended Actions

Sanitize user inputs if possible or contact the vendor of the software for a solution or workaround.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-05-16 14.615 Sig Added
2019-05-08 14.609 Name:HTTP.
XXE:Generic.
XXE.
Detection
2019-05-07 14.608 Sig Added
2019-05-01 14.605 Sig Added
2018-11-01 13.483 Sig Added