ModSecurity < 2.1.1 POST Data Null Byte Filter Bypass
Medium Nessus Network Monitor Plugin ID 6988
Synopsis: The remote web application firewall may be affected by a denial of service vulnerability.
Description: According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.1.1. It is, therefore, potentially affected by a security bypass vulnerability. An error exists related to HTTP POST requests and 'application/x-www-form-urlencoded' content containing un-encoded NULL bytes that could allow a remote attacker to bypass certain filters and carry out attacks.
Solution: Upgrade to ModSecurity version 2.1.1 or later.