CVE-2013-1915
libapache-mod-security - XML external entity processing vulnerability
EPSS 4.8%
Description
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
How to fix CVE-2013-1915
To remediate CVE-2013-1915, upgrade the affected package to one of the fixed versions listed below.
- Debian/libapache-mod-security: upgrade to 2.5.12-1+squeeze2 or later
- Debian/modsecurity-apache: upgrade to 2.6.6-6 or later
Is CVE-2013-1915 being exploited?
Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/libapache-mod-security: from 0, < 2.5.12-1+squeeze2
- Debian/modsecurity-apache: from 0, < 2.6.6-6