WAF Rule Set Update Announcement

Name	waf.sig
Version	1.1.154
StoneOS Version	5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above
Release Date	2022-9-14
New Rules (5)	Rule ID	Rule Name	Rule Details
	1070210265	Ruoyi System Arbitrary File Access Vulnerability	Click for Details
	1070210266	Weaver OA V8 File Upload Vulnerability	Click for Details
	1070210267	CVE-2021-36749: Apache Druid Arbitrary File Access Vulnerability	Click for Details
	1070210268	CVE-2020-17519: Apache Flink Directory Traversal Vulnerability	Click for Details
	1060210144	Detect Google FeedFetcher Web Crawler	Click for Details
Updated Rules (195)	Rule ID	Description	Ruel Details
	1020200000	Server-Side Includes Injection Attack	Click for Details
	1020400003	Email Injection Attack	Click for Details
	1020500001	PHP Inclusion Command Sequence, such as 'mosConfig_absolute_path'	Click for Details
	1020500003	Remote File Inclusion Attack	Click for Details
	1020400010	Windows PowerShell Command.	Click for Details
	1020400011	Unix Shell Expression.	Click for Details
	1020400012	Windows FOR/IF Command.	Click for Details
	1020400014	Unix Shell Code.	Click for Details
	1020400015	Remote Command Execution: Shellshock-1.	Click for Details
	1020400016	Remote Command Execution: Shellshock-2.	Click for Details
	1020400017	Restricted File Upload Attempt.	Click for Details
	1020800019	HTTP request for Node.js Injection Attack	Click for Details
	1020100001	LDAP Injection Attack (by Alonso Parada)	Click for Details
	1020800000	PHP Open Tag	Click for Details
	1020800001	PHP Script File Upload	Click for Details
	1020800002	PHP Injection Attack: Configuration Directive	Click for Details
	1020800003	HTTP request for PHP Variables	Click for Details
	1020800004	HTTP request for I/O Stream	Click for Details
	1020800005	HTTP request for Wrapper Scheme	Click for Details
	1020800006	HTTP request for High-Risk PHP Function Name	Click for Details
	...