AKIT
    English Eesti

    XML external entity attack

    XML välisolemrünne, XXE-rünne

    olemus
    liik veebirakenduse ründeid,
    kasutab ära XML parseri konfiguratsiooni nõrkusi
    ja paigutab sobiva välisolemiviite
    XML-lähteandmetesse
    =
    attack against web application whose XML input containing a reference to an external entity is processed by a weakly configured XML parser

    ülevaateid
    https://en.wikipedia.org/wiki/XML_external_entity_attack

    https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)

    https://www.linkedin.com/pulse/xxe-attack-basics-nick-frichette

    https://www.sans.org/reading-room/whitepapers/application/hands-on-xml-external-entity-vulnerability-training-module-34397

    http://www.cs.tufts.edu/comp/116/archive/fall2015/rhogue.pdf

    tõrje
    https://www.neuralegion.com/blog/xml-external-entity-xxe-injection/

    https://www.hacksplaining.com/prevention/xml-external-entities

    https://wiki.sei.cmu.edu/confluence/display/java/IDS17-J.+Prevent+XML+External+Entity+Attacks

    https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html