A vulnerability has been discovered and corrected in apache-mod_security: ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 . The updated packages have been patched to correct this issue.