ByteOS Network

CWE-776:Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Weakness ID:776

Version:v4.17

Weakness Name:Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Vulnerability Mapping:Allowed

Abstraction:Base

Structure:Simple

Status:Draft

Likelihood of Exploit:Medium

Details Content History Observed CVE Examples Reports

▼Submissions

Submission Date	Release Date	Submitter	Organization	Version	Comment
2009-06-30	2009-07-27	CWE Content Team	MITRE	1.5	N/A

Submission Date: 2009-06-30

Release Date: 2009-07-27

Submitter: CWE Content Team

Organization: MITRE

Version: 1.5

Comment:

N/A

▼Modifications

Modification Date	Release Date	Modifier	Organization	Version	Importance	Comment
2010-02-16	N/A	CWE Content Team	MITRE	N/A	N/A	updated Taxonomy_Mappings
2010-12-13	N/A	CWE Content Team	MITRE	N/A	N/A	updated Relationships
2011-06-01	N/A	CWE Content Team	MITRE	N/A	N/A	updated Common_Consequences
2012-05-11	N/A	CWE Content Team	MITRE	N/A	N/A	updated Demonstrative_Examples
2013-02-21	N/A	CWE Content Team	MITRE	N/A	N/A	updated Alternate_Terms, Applicable_Platforms, Description, Name, Observed_Examples, References, Relationships
2017-11-08	N/A	CWE Content Team	MITRE	N/A	N/A	updated Likelihood_of_Exploit, References
2018-03-27	N/A	CWE Content Team	MITRE	N/A	N/A	updated Relationships
2019-06-20	N/A	CWE Content Team	MITRE	N/A	N/A	updated Relationships, Type
2020-02-24	N/A	CWE Content Team	MITRE	N/A	N/A	updated Applicable_Platforms, Relationships
2021-10-28	N/A	CWE Content Team	MITRE	N/A	N/A	updated Relationships
2022-04-28	N/A	CWE Content Team	MITRE	N/A	N/A	updated Related_Attack_Patterns
2023-01-31	N/A	CWE Content Team	MITRE	N/A	N/A	updated Description
2023-04-27	N/A	CWE Content Team	MITRE	N/A	N/A	updated Detection_Factors, References, Relationships
2023-06-29	N/A	CWE Content Team	MITRE	N/A	N/A	updated Mapping_Notes

Modification Date: 2010-02-16

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Taxonomy_Mappings

Modification Date: 2010-12-13

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2011-06-01

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Common_Consequences

Modification Date: 2012-05-11

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Demonstrative_Examples

Modification Date: 2013-02-21

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Alternate_Terms, Applicable_Platforms, Description, Name, Observed_Examples, References, Relationships

Modification Date: 2017-11-08

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Likelihood_of_Exploit, References

Modification Date: 2018-03-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2019-06-20

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships, Type

Modification Date: 2020-02-24

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Applicable_Platforms, Relationships

Modification Date: 2021-10-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2022-04-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Related_Attack_Patterns

Modification Date: 2023-01-31

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Description

Modification Date: 2023-04-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Detection_Factors, References, Relationships

Modification Date: 2023-06-29

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Mapping_Notes

▼Previous Name Entries

Change Date	Previous Entry Name	Version
2013-02-21	Unrestricted Recursive Entity References in DTDs ('XML Bomb')	N/A

Change Date: 2013-02-21

Version: N/A

Previous Entry Name: Unrestricted Recursive Entity References in DTDs ('XML Bomb')