XML Bomb

What Does XML Bomb Mean?

An XML bomb is a piece of XML that is syntactically valid and correct but can cause a program that processes it to crash or hang. An XML bomb can be used to test the security level of a server. XML used with HTML is either parsed internally or referenced as an external file that is sent to a server. Typically, a server without adequate protection is expected to crash under this attack.


Techopedia Explains XML Bomb

An XML bomb is a small but dangerous piece of code that is written and sent with the intent of crashing the server or program that tries to read and decode it. When an XML parser tries to process an XML bomb, the nested data entities grow exponentially. This can shut down a server or ISP, leaving it vulnerable to unauthorized access by hackers, which can pose a serious threat to data privacy. An XML bomb takes advantage of three properties of XML, namely entity substitution, nested entities and inline DTDs, to cause a “data explosion,” hence the “bomb” in the name.
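A defender-side pre-parse check for the entity growth described above, as an added example that is not part of the original page: it reads only the inline DTD with Python's `xml.parsers.expat`, computes each entity's fully substituted size arithmetically, and rejects the document when any entity exceeds a budget. The function names, the 10,000-character budget and the sample document are assumptions made for illustration.

```python
import re
from xml.parsers import expat

REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")      # general entity reference

class _DtdDone(Exception):
    """Raised at the root element so no document content is ever expanded."""

def declared_entities(xml_bytes):
    """Collect internal general entities declared in the inline DTD."""
    entities = {}
    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if not is_param and value is not None:   # None means external entity
            entities.setdefault(name, value)     # first declaration wins
    def on_root(name, attrs):
        raise _DtdDone                           # the DTD ends before the root
    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(xml_bytes, True)
    except _DtdDone:
        pass
    return entities

def expanded_length(name, entities, cache, stack=()):
    """Size of an entity after full substitution, computed without expanding."""
    if name in cache:
        return cache[name]
    if name in stack:
        raise ValueError("recursive entity: " + name)
    if name not in entities:
        return 0                                 # undeclared or predefined name
    total = len(REF.sub("", entities[name]))     # literal characters
    for ref in REF.findall(entities[name]):      # plus every nested reference
        total += expanded_length(ref, entities, cache, stack + (name,))
    cache[name] = total                          # memoised: linear work
    return total

def check_document(xml_bytes, max_entity_chars=10_000):
    """Return (accepted, sizes); the budget is an assumed, tunable limit."""
    entities, cache = declared_entities(xml_bytes), {}
    sizes = {n: expanded_length(n, entities, cache) for n in entities}
    return max(sizes.values(), default=0) <= max_entity_chars, sizes

SAMPLE = b"""<?xml version="1.0"?><!DOCTYPE r [
  <!ENTITY a "xxxx"> <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;"> <!ENTITY d "&c;&c;&c;&c;">
]><r>&d;</r>"""  # constructed sample: each level quadruples the previous one
```

Each nesting level multiplies the size by the number of references it holds, so the sizes in the sample run 4, 16, 64, 256 while the document itself stays a few lines long.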


Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…