Summary: | <www-apache/mod_security-2.7.3 : XML External Entity Processing Vulnerability (CVE-2013-1915) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | flameeyes |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/52847/ | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-04-02 12:15:58 UTC
Go for it, 2.7.3 is in tree and should be fine to go stable. Arches, please test and mark stable: =www-apache/mod_security-2.7.3 Target keywords : "amd64 ppc sparc x86 amd64 stable ppc stable x86 stable sparc stable CVE-2013-1915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1915): ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. GLSA vote: no. GLSA vote: no. Closing as [noglsa] |