Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown
XML bomb

XML bomb

(also billion laughs attack)

XML bomb definition

A type of DDoS attack where a small piece of code is sent to overwhelm the program that parses XML files and crash the server. It works similarly to a zip bomb: when an XML parser tries to process the message, nested data entities inside of it start growing exponentially and crash the server.

How to stop an XML attack

  • Limit the number of characters the entity can expand.
  • Limit the memory allocated to a parser.

Further reading

Ultimate digital security