CVE-2013-1915

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 2.7.3

Description The issue allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, also known as an XML External Entity (XXE) vulnerability.

Recommendations For versions prior to 2.7.3, update to version 2.7.3 or later to resolve the issue. As a temporary workaround, consider disabling XML external entity declarations until a patch is available. Restrict access to sensitive files and intranet servers to minimize the risk of exploitation.