Page tree
Skip to end of metadata
Go to start of metadata

Security Assessment


Risk Probability Impact
3.7 2.2 1.4

CSVV Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N




Vulnerability Information


Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.

An attacker may use an XXE vulnerability to access secret files of the machine running the XML processor.




Table of Contents


Contribute


You are facing an issue that is not covered in our guides, we are happy to include solutions here. Please send us an e-mail to support@crashtest-security.com.




Crashtest Security


Crashtest Security is a Munich, Germany based start-up that redefines web application vulnerability scans.  The Crashtest Security Suite is differentiating itself as a fully automated vulnerability scanner enhanced with artificial intelligence developed for the needs of the agile developer or SecDevOps. Clear vulnerability insights are provided as well as contextual actionable insights for risk mitigation. 




  • No labels