olemus
liik veebirakenduse ründeid,
kasutab ära XML parseri konfiguratsiooni nõrkusi
ja paigutab sobiva välisolemiviite
XML-lähteandmetesse
=
attack against web application whose XML input containing a reference to an external entity is processed by a weakly configured XML parser

ülevaateid
https://en.wikipedia.org/wiki/XML_external_entity_attack

https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)

https://www.linkedin.com/pulse/xxe-attack-basics-nick-frichette

https://www.sans.org/reading-room/whitepapers/application/hands-on-xml-external-entity-vulnerability-training-module-34397

http://www.cs.tufts.edu/comp/116/archive/fall2015/rhogue.pdf

tõrje
https://www.neuralegion.com/blog/xml-external-entity-xxe-injection/

https://www.hacksplaining.com/prevention/xml-external-entities

https://wiki.sei.cmu.edu/confluence/display/java/IDS17-J.+Prevent+XML+External+Entity+Attacks

https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html