VDB
CVE-2013-1915
CVE-2013-1915
PUBLISHED
CVSS 7.5 HIGH
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
EPSS 4.85% · 89.7th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
4.85%
89.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| trustwave | modsecurity | 0 |
| opensuse | opensuse | 12.3, 11.4, 12.2 |
| debian | debian_linux | 7.0, 6.0 |
| n/a | n/a | n/a |
| fedoraproject | fedora | 19, 17, 18 |
Exploit Intelligence
- MDVSA-2013:156 (circl)
- FEDORA-2013-4908 (circl)
- https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe (circl)
- openSUSE-SU-2013:1331 (circl)
- 58810 (circl)
- FEDORA-2013-4831 (circl)
- openSUSE-SU-2013:1342 (circl)
- FEDORA-2013-4834 (circl)
- openSUSE-SU-2013:1336 (circl)
- https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES (circl)
…and 5 more exploits
Timeline
- Apr 25, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- openSUSE-SU-2013:1342 vendor-advisory
- https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe url
- openSUSE-SU-2013:1331 vendor-advisory
- [oss-security] 20130403 Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks mailing-list
- 58810 vdb
- FEDORA-2013-4831 vendor-advisory
- MDVSA-2013:156 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=947842 url
- FEDORA-2013-4834 vendor-advisory
- https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES url
- FEDORA-2013-4908 vendor-advisory
- 52977 third-party-advisory
- 52847 third-party-advisory
- DSA-2659 vendor-advisory
- openSUSE-SU-2013:1336 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-1915 advisory