7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.6%
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files,
send HTTP requests to intranet servers, or cause a denial of service (CPU
and memory consumption) via an XML external entity declaration in
conjunction with an entity reference, aka an XML External Entity (XXE)
vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | libapache-mod-security | <Â 2.5.11-1ubuntu0.1 | UNKNOWN |
ubuntu | 11.10 | noarch | libapache-mod-security | <Â 2.5.12-1+squeeze2build0.11.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | modsecurity-apache | <Â 2.6.6-6 | UNKNOWN |
ubuntu | 13.10 | noarch | modsecurity-apache | <Â 2.6.6-6 | UNKNOWN |
ubuntu | 14.04 | noarch | modsecurity-apache | <Â 2.6.6-6 | UNKNOWN |
ubuntu | 14.10 | noarch | modsecurity-apache | <Â 2.6.6-6 | UNKNOWN |
ubuntu | 15.04 | noarch | modsecurity-apache | <Â 2.6.6-6 | UNKNOWN |
ubuntu | 15.10 | noarch | modsecurity-apache | <Â 2.6.6-6 | UNKNOWN |
ubuntu | 16.04 | noarch | modsecurity-apache | <Â 2.6.6-6 | UNKNOWN |
ubuntu | 16.10 | noarch | modsecurity-apache | <Â 2.6.6-6 | UNKNOWN |