CVE-2013-1915
NONE
Published: Apr 25, 2013
Last Modified: Jun 16, 2026
Description
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-611
Affected Products 9
| Vendor | Product | Version | Range |
|---|---|---|---|
| trustwave | modsecurity | * | <2.7.3 |
| opensuse | opensuse | 11.4 | any |
| opensuse | opensuse | 12.2 | any |
| opensuse | opensuse | 12.3 | any |
| fedoraproject | fedora | 17 | any |
| fedoraproject | fedora | 18 | any |
| fedoraproject | fedora | 19 | any |
| debian | debian_linux | 6.0 | any |
| debian | debian_linux | 7.0 | any |
References 15
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101911.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102616.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
- secunia.com http://secunia.com/advisories/52847
- secunia.com http://secunia.com/advisories/52977
- debian.org http://www.debian.org/security/2013/dsa-2659
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2013:156
- openwall.com http://www.openwall.com/lists/oss-security/2013/04/03/7
- securityfocus.com http://www.securityfocus.com/bid/58810
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=947842
- github.com https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
- github.com https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2013/04/03/7
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=947842
- github.com https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe