PROBLEM:
ModSecurity Multipart Message Parsing Security Bypass Vulnerability
PLATFORM:
ModSecurity versions prior to 2.70
ABSTRACT:
SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.
REFERENCE LINKS:
SEC Consult
Secunia Advisory SA49853
IMPACT ASSESSMENT:
Medium
DISCUSSION:
The vulnerability is caused by an error when parsing multipart requests and can be exploited to bypass certain filtering rules.
IMPACT:
Remote Security Bypass
SOLUTION:
Update to version 2.70.