Mod_Security ASCIIZ Byte POST Bypass Vulnerability

Mod_Security is prone to a POST-parsing-bypass vulnerability. A successful attack could allow an attacker to bypass mod_security restrictions and submit malicious input to mod_security-protected sites.

The issue derives from a difference between how the mod_security HTTP request parser and the protected backend web-scripting languages process incoming data that follows ASCIIZ (NUL) bytes.

This issue is reported to affect all versions of mod_security prior to 2.1.0.
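
A defender-side check for the parser disagreement described above, as an added example (not mod_security code and not part of the advisory). It assumes a simplified model in which one component reads the POST body as a NUL-terminated string and another reads it by length; the function names and sample bodies are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

def parse_form(body: bytes) -> dict:
    """Minimal application/x-www-form-urlencoded parser over raw bytes."""
    fields = {}
    for pair in body.split(b"&"):
        if pair:
            key, _, value = pair.partition(b"=")
            fields[unquote_to_bytes(key.replace(b"+", b" "))] = \
                unquote_to_bytes(value.replace(b"+", b" "))
    return fields

def nul_offsets(body: bytes) -> list:
    """Offsets of raw NUL bytes and of percent-encoded NULs (%00)."""
    hits = [i for i, b in enumerate(body) if b == 0]
    pos = body.find(b"%00")
    while pos != -1:
        hits.append(pos)
        pos = body.find(b"%00", pos + 3)
    return sorted(hits)

def check_body(body: bytes) -> tuple:
    """Return (nul_offsets, divergent_fields).

    divergent_fields lists the fields that a length-aware parse sees
    differently from a parse that stops at the first raw NUL byte
    (assumed model of the two components disagreeing).
    """
    full = parse_form(body)
    truncated = parse_form(body.split(b"\x00", 1)[0])
    divergent = sorted(k for k in full if full[k] != truncated.get(k))
    return nul_offsets(body), divergent

def should_reject(body: bytes) -> bool:
    """Policy: refuse any form body carrying a raw or encoded NUL."""
    return bool(nul_offsets(body))

# Constructed sample bodies, benign values only.
SAMPLES = [
    b"user=alice&comment=hello",        # clean
    b"user=alice\x00&comment=hello",    # raw NUL inside the body
    b"user=alice&note=a%00b",           # percent-encoded NUL
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, check_body(body), should_reject(body))
```

Rejecting on any NUL, rather than trying to parse around it, removes the ambiguity for every component downstream of the check.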

Copyright 2009, SecurityFocus