Back to search
CVE-2013-1915
Published: Apr 25, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2013:1342
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2013:1331
vendor-advisory
x_refsource_SUSE
[oss-security] 20130403 Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks
mailing-list
x_refsource_MLIST
58810
vdb-entry
x_refsource_BID
FEDORA-2013-4831
vendor-advisory
x_refsource_FEDORA
MDVSA-2013:156
vendor-advisory
x_refsource_MANDRIVA
https://bugzilla.redhat.com/show_bug.cgi?id=947842
x_refsource_MISC
FEDORA-2013-4834
vendor-advisory
x_refsource_FEDORA
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
x_refsource_CONFIRM
FEDORA-2013-4908
vendor-advisory
x_refsource_FEDORA
52977
third-party-advisory
x_refsource_SECUNIA
52847
third-party-advisory
x_refsource_SECUNIA
DSA-2659
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2013:1336
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now