
XML bomb

(also billion laughs attack)

XML bomb definition

An XML bomb is a type of DDoS attack in which a small piece of code is sent to overwhelm the program that parses XML files and crash the server. It works similarly to a zip bomb: when an XML parser tries to process the message, the nested data entities inside it expand exponentially and crash the server.

How to stop an XML attack

  • Limit the number of characters an entity can expand to.
  • Limit the memory allocated to a parser.
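
One way to apply the first limit before the parser runs, as an added example (not code from the original page): it computes how many characters each internal entity would expand to without ever expanding it, and rejects documents over a budget. The function names, the 10,000-character default and the sample document are assumptions made for illustration.

```python
import re

# Internal general entities only: <!ENTITY name "value">. External (SYSTEM/PUBLIC)
# and parameter (%) entities are out of scope for this example.
ENTITY_DECL = re.compile(r"<!ENTITY\s+([\w.:-]+)\s+([\"'])(.*?)\2\s*>", re.S)
ENTITY_REF = re.compile(r"&([\w.:-]+);")
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}  # each expands to one character

# Constructed sample: three nesting levels, ten references per level.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE d [
  <!ENTITY a "xxxxxxxxxx">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<d>&c;</d>"""


def entity_sizes(xml_text):
    """Map each declared entity to its fully expanded length in characters."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, value)  # XML rule: the first declaration wins
    sizes = {}  # memo: lengths are added up, never materialized as strings

    def size(name, active):
        if name in sizes:
            return sizes[name]
        if name in active:
            raise ValueError(f"entity {name!r} refers to itself")
        value = decls.get(name, "")  # undeclared reference: counted as empty
        total = len(ENTITY_REF.sub("", value))  # literal characters
        for ref in ENTITY_REF.findall(value):
            total += 1 if ref in PREDEFINED else size(ref, active | {name})
        sizes[name] = total
        return total

    for name in decls:
        size(name, frozenset())
    return {name: sizes[name] for name in decls}


def within_budget(xml_text, max_chars=10_000):
    """False if any entity is oversize, self-referential or nested too deeply."""
    try:
        return max(entity_sizes(xml_text).values(), default=0) <= max_chars
    except (ValueError, RecursionError):
        return False
```

Because the lengths are memoized, the check runs in time proportional to the size of the declarations, not the size of the expansion. It complements the parser's own memory limit and does not replace it.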