Althouth that was disclosed within the month of PHP bug, that concerns another package. Upstream has not been contacted by the discoverer. Workaround from upstream: http://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.html Secunia: http://secunia.com/advisories/24373/ "The problem is that it is possible to bypass rules by adding NULL bytes to POST data with the application/x-www-form-urlencoded media type." No CVE yet AFAICT No upstream fix AFAICT
and ccing chtekk :)
*** This bug has been marked as a duplicate of bug 169778 ***