FreeBSD : ModSecurity -- XML External Entity Processing Vulnerability (2070c79a-8e1e-11e2-b34d-000c2957946c)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Positive Technologies has reported a vulnerability in ModSecurity,
which can be exploited by malicious people to disclose potentially
sensitive information or cause a DoS (Denial of Service).

The vulnerability is caused due to an error when parsing external XML
entities and can be exploited to e.g. disclose local files or cause
excessive memory and CPU consumption.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1915
https://bugs.gentoo.org/show_bug.cgi?id=464188
http://www.nessus.org/u?5262771b

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 65989

Bugtraq ID:

CVE ID: CVE-2013-1915
