Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-y2r9-myqj-yye3
SummaryModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
Aliases
0
alias CVE-2013-1915
Fixed_packages
0
url pkg:deb/debian/modsecurity-apache@2.6.6-6?distro=trixie
purl pkg:deb/debian/modsecurity-apache@2.6.6-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.6.6-6%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.7-1%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/modsecurity-apache@2.9.11-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/modsecurity-apache@2.9.11-1%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.11-1%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/modsecurity-apache@2.9.12-2?distro=trixie
purl pkg:deb/debian/modsecurity-apache@2.9.12-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.12-2%3Fdistro=trixie
Affected_packages
References
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101911.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101911.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102616.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102616.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1915
reference_id
reference_type
scores
0
value 0.04848
scoring_system epss
scoring_elements 0.89549
published_at 2026-04-21T12:55:00Z
1
value 0.04848
scoring_system epss
scoring_elements 0.89501
published_at 2026-04-01T12:55:00Z
2
value 0.04848
scoring_system epss
scoring_elements 0.89505
published_at 2026-04-02T12:55:00Z
3
value 0.04848
scoring_system epss
scoring_elements 0.89517
published_at 2026-04-07T12:55:00Z
4
value 0.04848
scoring_system epss
scoring_elements 0.89533
published_at 2026-04-08T12:55:00Z
5
value 0.04848
scoring_system epss
scoring_elements 0.89537
published_at 2026-04-09T12:55:00Z
6
value 0.04848
scoring_system epss
scoring_elements 0.89544
published_at 2026-04-11T12:55:00Z
7
value 0.04848
scoring_system epss
scoring_elements 0.89541
published_at 2026-04-12T12:55:00Z
8
value 0.04848
scoring_system epss
scoring_elements 0.89536
published_at 2026-04-13T12:55:00Z
9
value 0.04848
scoring_system epss
scoring_elements 0.8955
published_at 2026-04-16T12:55:00Z
10
value 0.04848
scoring_system epss
scoring_elements 0.89552
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1915
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=947842
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=947842
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1915
9
reference_url http://secunia.com/advisories/52847
reference_id
reference_type
scores
url http://secunia.com/advisories/52847
10
reference_url http://secunia.com/advisories/52977
reference_id
reference_type
scores
url http://secunia.com/advisories/52977
11
reference_url https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
reference_id
reference_type
scores
url https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
12
reference_url https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
reference_id
reference_type
scores
url https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
13
reference_url http://www.debian.org/security/2013/dsa-2659
reference_id
reference_type
scores
url http://www.debian.org/security/2013/dsa-2659
14
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2013:156
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2013:156
15
reference_url http://www.openwall.com/lists/oss-security/2013/04/03/7
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/04/03/7
16
reference_url http://www.securityfocus.com/bid/58810
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58810
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704625
reference_id 704625
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704625
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1915
reference_id CVE-2013-1915
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2013-1915
Weaknesses
0
cwe_id 611
name Improper Restriction of XML External Entity Reference
description The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Exploits
Severity_range_score7.5 - 7.5
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-y2r9-myqj-yye3