Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:156)
High Nessus Plugin ID 66266
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
A vulnerability has been found and corrected in apache-mod_security:
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability (CVE-2013-1915).
The updated packages have been patched to correct this issue.
Solution
Update the affected apache-mod_security and/or mlogc packages.
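
The following Python code is an added example, not taken from the advisory or from ModSecurity. It flags XML request bodies that declare an external entity or an external DTD subset, the construct CVE-2013-1915 relies on, without resolving anything. The function names, the sample bodies and the intranet.example host are assumptions made for the illustration.

```python
import xml.parsers.expat as expat

# Constructed sample bodies (not from the advisory); intranet.example is a placeholder.
SAMPLE_EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY ext SYSTEM "http://intranet.example/status">]>'
    b'<r>&ext;</r>')
SAMPLE_EXTERNAL_SUBSET = b'<!DOCTYPE r SYSTEM "http://intranet.example/r.dtd"><r/>'
SAMPLE_BENIGN = b'<!DOCTYPE r [<!ENTITY a "x">]><r>&a;</r>'
SAMPLE_MALFORMED = b"<r><a></r>"


def inspect_xml(body: bytes):
    """Return (external_refs, well_formed); nothing external is ever fetched."""
    refs = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE r SYSTEM "..."> points the parser at an external DTD subset.
        if system_id is not None or public_id is not None:
            refs.append(("doctype " + name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones carry a system/public id.
        if value is None:
            kind = "parameter entity " if is_param else "entity "
            refs.append((kind + name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is installed, so expat skips external references.
    try:
        parser.Parse(body, True)
    except expat.ExpatError:
        return refs, False
    return refs, True


def should_block(body: bytes) -> bool:
    """Reject bodies with external references, and bodies that fail to parse."""
    refs, well_formed = inspect_xml(body)
    return bool(refs) or not well_formed


if __name__ == "__main__":
    for body in (SAMPLE_EXTERNAL_ENTITY, SAMPLE_EXTERNAL_SUBSET, SAMPLE_BENIGN, SAMPLE_MALFORMED):
        print(should_block(body), inspect_xml(body))
```

A body that only declares internal entities, as in SAMPLE_BENIGN, is not flagged by this check.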