ModSecurity prior to 2.7.3 allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
trustwave modsecurity |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.2 |
||
opensuse opensuse 12.3 |
||
fedoraproject fedora 17 |
||
fedoraproject fedora 18 |
||
fedoraproject fedora 19 |
||
debian debian linux 6.0 |
||
debian debian linux 7.0 |