CVE-2013-1915 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-1915 PUBLISHED CVSS 7.5 HIGH

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.

EPSS 4.85% · 89.5th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

4.85%

89.5th percentile

Affected Products

Vendor	Product	Versions
trustwave	modsecurity	0
opensuse	opensuse	11.4, 12.2, 12.3
debian	debian_linux	6.0, 7.0
n/a	n/a	n/a
fedoraproject	fedora	19, 18, 17

Timeline

Apr 25, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

openSUSE-SU-2013:1342 vendor-advisory
https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe url
openSUSE-SU-2013:1331 vendor-advisory
[oss-security] 20130403 Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks mailing-list
58810 vdb
FEDORA-2013-4831 vendor-advisory
MDVSA-2013:156 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=947842 url
FEDORA-2013-4834 vendor-advisory
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES url
FEDORA-2013-4908 vendor-advisory
52977 third-party-advisory
52847 third-party-advisory
DSA-2659 vendor-advisory
openSUSE-SU-2013:1336 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2013-1915 advisory

Open in Interactive Console →