ModSecurity (mod_security) contains a flaw that is triggered during the parsing of multipart requests. By sending a crafted POST request that manipulates the Content-Disposition header and extra lines (e.g. carriage return [\r\r\n]), a remote attacker may bypass certain security filters and execute web-based attacks.
Remote / Network Access
Loss of Integrity
Upgrade to version 2.70 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.