CVE-2012-4528

Name of the Vulnerable Software and Affected Versions mod security2 versions prior to 2.7.0

Description The issue allows remote attackers to bypass rules and deliver arbitrary POST data to a PHP application via a multipart request where an invalid part precedes the crafted data. This can be achieved by sending a specially crafted request.

Recommendations For versions prior to 2.7.0, update to version 2.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod security2 module until a patch is available.