CVE 2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
Related bugs and status
CVE-2013-1915 (Candidate) is related to these bugs:
Bug #1016909: (CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1016909 | (CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751) | modsecurity-apache (Ubuntu) | Undecided | Invalid
1016909 | (CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751) | modsecurity-apache (Debian) | Unknown | Fix Released
1016909 | (CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751) | libapache-mod-security (Ubuntu) | Undecided | Invalid
1016909 | (CVE-2009-5031) <modsecurity-apache-2.6.6 : Multipart Quote Parsing Security Bypass Vulnerability (CVE-2009-5031 CVE-2012-2751) | libapache-mod-security (Debian) | Unknown | Fix Released
Bug #1169030: CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack
See the CVE page on Mitre.org for more details.