CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
        • Android
        • Aws-lambda
        • Castor
        • Java-jwt
        • Jax-rs
        • Jboss
        • Jdo
        • Jedis
        • Jjwt
        • Jsch
        • Kryo
        • Lang
        • Micronaut
        • Mongo
        • Mongodb
        • Mysql
        • Okhttp
        • Rmi
        • Servlets
          • Security
          • Security
            • Audit
            • Castor-deserialization-deepsemgrep
            • Crlf-injection-logs-deepsemgrep
            • Crlf-injection-logs
            • Httpservlet-path-traversal-deepsemgrep
            • Httpservlet-path-traversal
            • Kryo-deserialization-deepsemgrep
            • No-direct-response-writer-deepsemgrep
            • No-direct-response-writer
            • Nosql-injection-servlets
            • Objectinputstream-deserialization-servlets
            • Servletresponse-writer-xss-deepsemgrep
            • Servletresponse-writer-xss
            • Tainted-cmd-from-http-request-deepsemgrep
            • Tainted-cmd-from-http-request
            • Tainted-code-injection-from-http-request-deepsemgrep
            • Tainted-code-injection-from-http-request
            • Tainted-ldapi-from-http-request-deepsemgrep
            • Tainted-ldapi-from-http-request
            • Tainted-session-from-http-request-deepsemgrep
            • Tainted-session-from-http-request
            • Tainted-sql-from-http-request-deepsemgrep
            • Tainted-sql-from-http-request
            • Tainted-ssrf-deepsemgrep-add
            • Tainted-ssrf-deepsemgrep-format
            • Tainted-ssrf-deepsemgrep
            • Tainted-ssrf
            • Tainted-xml-decoder-deepsemgrep
            • Tainted-xml-decoder
            • Tainted-xpath-from-http-request-deepsemgrep
            • Tainted-xpath-from-http-request
            • Xstream-anytype-deserialization-deepsemgrep
            • Xxe
              • Tainted-documentbuilderfactory-xxe-servlet
              • Tainted-saxbuilder-xxe-servlet
              • Tainted-saxparser-xxe-servlet
                • Tainted saxparser xxe servlet
              • Tainted-saxreader-xxe-servlet
              • Tainted-saxtransformerfactory-xxe-servlet
              • Tainted-schemafactory-xxe-servlet
              • Tainted-validator-xxe-servlet
              • Tainted-xmlreader-xxe-servlet
        • Spring
        • Thymeleaf
        • Xstream
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Tainted-saxparser-xxe-servlet

    Tainted saxparser xxe servlet

    tainted-saxparser-xxe-servlet

    The application is using an XML parser that has not been safely configured. This might lead to XML External Entity (XXE) vulnerabilities when parsing user-controlled input. An attacker can include document type definitions (DTDs) which can interact with internal or external hosts. XXE can lead to other vulnerabilities, such as Local File Inclusion (LFI), Remote Code Execution (RCE), and Server-side request forgery (SSRF), depending on the application configuration. An attacker can also use DTDs to expand recursively, leading to a Denial-of-Service (DoS) attack, also known as a Billion Laughs Attack. It is our recommendation to secure this parser against XXE attacks by configuring the SAXParserFactory with factory.setFeature(http://apache.org/xml/features/disallow-doctype-decl, true). Alternatively, the following configurations for the SAXParserFactory also provide protection against XXE attacks. factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true), enabling both of factory.setFeature("http://xml.org/sax/features/external-general-entities", and factory.setFeature(“http://xml.org/sax/features/external-parameter-entities”, false). Furthermore, you can configure the SAXParser itself with parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "")` to provide protection against XXE attacks. For more information, see: Java XXE prevention
    Likelihood: MEDIUM
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    - CWE-776: Improper Restriction of Recursive Entity References in DTDs (‘XML Entity Expansion’)
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    Tainted saxbuilder xxe servletTainted saxreader xxe servlet
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.