Vulnerability in RealSentry and ModSecurity

During an application audit carried out by Objectif Sécurité we have discovered a vulnerability in RealSentry and ModSecurity for Apache. These are application level firewalls which are used to prevent attacks like cross site scripting or SQL injection using signatures of these attacks. An error in those signatures makes it possible to evade the detection of SQL injections leaving the application vulnerable to these attacks. The vendors/developers of both tools have been informed.