Lucene search
RootSSV:60777HistoryApr 28, 2013 - 12:00 a.m.
ModSecurity XML外部实体信息泄露漏洞(CVE-2013-1915)
2013-04-2800:00:00
Root
www.seebug.org
11
0.009 Low
EPSS
Percentile
80.8%
Bugtraq ID:58810
CVE ID:CVE-2013-1915
ModSecurity是一个入侵侦测与防护引擎,它主要是用于Web应用程序,所以也被称为Web应用程序防火墙
ModSecurity存在安全漏洞,允许远程攻击者通过XML外部实体声明结合实体引用,可读取任意文件,发送HTTP请求到内网服务器或进行拒绝服务攻击
0
ModSecurity < 2.7.3
厂商解决方案
ModSecurity 2.7.3已经修复此漏洞,建议用户下载更新:
http://www.modsecurity.org/
Related
openvas
openvas
Debian Security Advisory DSA 2659-1 (libapache-mod-security - XML external entity processing vulnerability)
2013-04-09 00:00:00
Fedora Update for mod_security FEDORA-2013-4831
2013-04-15 00:00:00
Fedora Update for mod_security FEDORA-2013-4831
2013-04-15 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2659-1] libapache-mod-security security update
2013-04-15 00:00:00
Apache mod_security security vulnerabilities
2013-04-15 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:156)
2013-04-30 00:00:00
ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
2013-07-02 00:00:00
Fedora 17 : mod_security-2.7.3-1.fc17 (2013-4834)
2013-04-14 00:00:00
freebsd
freebsd
ModSecurity -- XML External Entity Processing Vulnerability
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mod_security-2.7.3-1.fc19
2013-04-20 19:30:49
[SECURITY] Fedora 18 Update: mod_security-2.7.3-1.fc18
2013-04-14 00:29:50
[SECURITY] Fedora 17 Update: mod_security-2.7.3-1.fc17
2013-04-14 00:26:53
cve
cve
CVE-2013-1915
2013-04-25 23:55:00
debian
debian
[SECURITY] [DSA 2659-1] libapache-mod-security security update
2013-04-10 18:11:40
cvelist
cvelist
CVE-2013-1915
2013-04-25 23:00:00
osv
osv
libapache-mod-security - XML external entity processing vulnerability
2013-04-09 00:00:00
prion
prion
Xxe
2013-04-25 23:55:00
ubuntucve
ubuntucve
CVE-2013-1915
2013-04-25 00:00:00
debiancve
debiancve
CVE-2013-1915
2013-04-25 23:55:00