CVE-2013-1915

NONE
Published Apr 25, 2013 (13y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-611

Affected Products 9

Vendor         Product       Version  Range
trustwave      modsecurity   *        <2.7.3
opensuse       opensuse      11.4     any
opensuse       opensuse      12.2     any
opensuse       opensuse      12.3     any
fedoraproject  fedora        17       any
fedoraproject  fedora        18       any
fedoraproject  fedora        19       any
debian         debian_linux  6.0      any
debian         debian_linux  7.0      any

References 15

  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html
    Third Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101911.html
    Third Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102616.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
    Mailing List, Third Party Advisory
  • secunia.com http://secunia.com/advisories/52847
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/52977
    Third Party Advisory
  • debian.org http://www.debian.org/security/2013/dsa-2659
    Third Party Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2013:156
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2013/04/03/7
    Mailing List, Patch, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/58810
    Third Party Advisory, VDB Entry
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=947842
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
    Release Notes, Third Party Advisory
  • github.com https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
    Patch, Third Party Advisory

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2013/04/03/7
    Mailing List, Patch, Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=947842
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
    Patch, Third Party Advisory