ModSecurity XML External Entity Information Disclosure Vulnerability

ModSecurity is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The attacker may also exploit this issue to cause excessive memory and CPU consumption resulting in denial-of-service conditions.

ModSecurity 2.7.2 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus