cbcvebase.
CVE-2013-1915
published 2013-04-25


Priority: P340 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 4.21% (89.7th percentile)

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | modsecurity-apache | < modsecurity-apache 2.6.6-6 (bookworm) | modsecurity-apache 2.6.6-6 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| trustwave | modsecurity | < 2.7.3 | 2.7.3 |

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH