CVE-2012-2751

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 2.6.6

Description The issue arises from improper handling of single quotes in the Content-Disposition field of a request with a multipart/form-data Content-Type header, allowing remote attackers to bypass filtering rules. This can lead to various attacks, including cross-site scripting (XSS) attacks.

Recommendations For versions prior to 2.6.6, update to version 2.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Content-Disposition field in requests with a multipart/form-data Content-Type header until a patch is available.