VYPR
Unrated severityNVD Advisory· Published Apr 25, 2013· Updated Jun 16, 2026

CVE-2013-1915

CVE-2013-1915

Description

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*
    Range: <2.7.3
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE3 versions
    cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
  • Range: <2.7.3

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.