ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
High Nessus Network Monitor Plugin ID 6991
The remote web application firewall may be affected by a denial of service vulnerability
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.3. It is, therefore, potentially affected by a file disclosure vulnerability. An improperly configured XML parser could allow untrusted XML entities from external sources to be accepted, thus leading to possible arbitrary file disclosure.