Description
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
References (15)
http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html [Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse]
https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe [Patch, Third Party Advisory; x_refsource_confirm]
http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html [Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse]
http://www.openwall.com/lists/oss-security/2013/04/03/7 [Mailing List, Patch, Third Party Advisory; mailing-list; x_refsource_mlist]
http://www.securityfocus.com/bid/58810 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid]
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101911.html [Third Party Advisory; vendor-advisory; x_refsource_fedora]
http://www.mandriva.com/security/advisories?name=MDVSA-2013:156 [Third Party Advisory; vendor-advisory; x_refsource_mandriva]
https://bugzilla.redhat.com/show_bug.cgi?id=947842 [Issue Tracking, Patch, Third Party Advisory; x_refsource_misc]
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html [Third Party Advisory; vendor-advisory; x_refsource_fedora]
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES [Release Notes, Third Party Advisory; x_refsource_confirm]
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102616.html [Third Party Advisory; vendor-advisory; x_refsource_fedora]
http://secunia.com/advisories/52977 [Third Party Advisory; third-party-advisory; x_refsource_secunia]
http://secunia.com/advisories/52847 [Third Party Advisory; third-party-advisory; x_refsource_secunia]
http://www.debian.org/security/2013/dsa-2659 [Third Party Advisory; vendor-advisory; x_refsource_debian]
http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html [Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse]
Scores
EPSS: 0.0485
EPSS Percentile: 89.6%
Details
CWE: CWE-611
Status: published
Products (9)
debian/debian_linux 6.0
debian/debian_linux 7.0
fedoraproject/fedora 17
fedoraproject/fedora 18
fedoraproject/fedora 19
opensuse/opensuse 11.4
opensuse/opensuse 12.2
opensuse/opensuse 12.3
trustwave/modsecurity < 2.7.3
Published: Apr 25, 2013
Tracked Since: Feb 18, 2026