Candidate: CVE-2013-1915
PublicDate: 2013-04-25 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1915
 https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
 http://marc.info/?l=oss-security&m=136499182131283&w=2
Description:
 ModSecurity before 2.7.3 allows remote attackers to read arbitrary files,
 send HTTP requests to intranet servers, or cause a denial of service (CPU
 and memory consumption) via an XML external entity declaration in
 conjunction with an entity reference, aka an XML External Entity (XXE)
 vulnerability.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704625
 https://bugs.launchpad.net/ubuntu/+source/modsecurity-apache/+bug/1169030
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_modsecurity-apache:
upstream_modsecurity-apache: released (2.7.3)
hardy_modsecurity-apache: DNE
lucid_modsecurity-apache: DNE
oneiric_modsecurity-apache: ignored (reached end-of-life)
precise_modsecurity-apache: ignored (reached end-of-life)
precise/esm_modsecurity-apache: DNE (precise was needed)
quantal_modsecurity-apache: ignored (reached end-of-life)
raring_modsecurity-apache: released (2.6.6-6)
saucy_modsecurity-apache: released (2.6.6-6)
trusty_modsecurity-apache: released (2.6.6-6)
trusty/esm_modsecurity-apache: released (2.6.6-6)
utopic_modsecurity-apache: released (2.6.6-6)
vivid_modsecurity-apache: released (2.6.6-6)
vivid/stable-phone-overlay_modsecurity-apache: DNE
vivid/ubuntu-core_modsecurity-apache: DNE
wily_modsecurity-apache: released (2.6.6-6)
xenial_modsecurity-apache: released (2.6.6-6)
yakkety_modsecurity-apache: released (2.6.6-6)
zesty_modsecurity-apache: released (2.6.6-6)
devel_modsecurity-apache: released (2.6.6-6)

Patches_libapache-mod-security:
upstream_libapache-mod-security: released (2.7.3)
hardy_libapache-mod-security: DNE
lucid_libapache-mod-security: released (2.5.11-1ubuntu0.1)
oneiric_libapache-mod-security: released (2.5.12-1+squeeze2build0.11.10.1)
precise_libapache-mod-security: DNE
precise/esm_libapache-mod-security: DNE
quantal_libapache-mod-security: DNE
raring_libapache-mod-security: DNE
saucy_libapache-mod-security: DNE
trusty_libapache-mod-security: DNE
trusty/esm_libapache-mod-security: DNE
utopic_libapache-mod-security: DNE
vivid_libapache-mod-security: DNE
vivid/stable-phone-overlay_libapache-mod-security: DNE
vivid/ubuntu-core_libapache-mod-security: DNE
wily_libapache-mod-security: DNE
xenial_libapache-mod-security: DNE
yakkety_libapache-mod-security: DNE
zesty_libapache-mod-security: DNE
devel_libapache-mod-security: DNE