WAF Rule Set Update Announcement
| Name | waf.sig | ||
| Version | 1.1.162 | ||
| StoneOS Version | 5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above | ||
| Release Date | 2023-3-16 | New Rules (4) |
Rule ID | Rule Name | Rule Details |
| 1070310177 | Jackson-databind 2.9.10.8 Deserialization Vulnerability | Click for Details | |
| 1070310178 | CVE-2016-3088: ActiveMQ Arbitrary File Write Vulnerability | Click for Details | |
| 1070310179 | Ruijie EasyGate Gateway Login Vulnerability | Click for Details | |
| 1021010005 | Detected XXE Injection Attack | Click for Details | Updated Rules (67) |
Rule ID | Description | Ruel Details |
| 1060300000 | Directory Traversal Attack(/../and other encoding forms) | Click for Details | |
| 1070010014 | CVE-2014-0050: Apache Commons FileUpload Denial of Service | Click for Details | |
| 1070010020 | CVE-2008-2938: WEB Apache HTTP Server UTF-8 Directory Traversal | Click for Details | |
| 1070010000 | CVE-2009-1535: Microsoft IIS WebDAV Unicode URI GET Request Authentication Bypass | Click for Details | |
| 1070010001 | CVE-2009-1535: Microsoft IIS WebDAV Unicode URI Request PUT Authentication Bypass | Click for Details | |
| 1070010002 | CVE-2010-2731: Microsoft IIS Directory Authentication Security Bypass | Click for Details | |
| 1070010003 | CVE-2009-4444: Microsoft IIS Crafted Extensions Security Bypass | Click for Details | |
| 1070010005 | CVE-2015-1635: Microsoft IIS HTTP.sys Remote Code Execution | Click for Details | |
| 1070010006 | CVE-2007-2897: Microsoft IIS DOS Device Name Abuse | Click for Details | |
| 1070010004 | CVE-2010-2263: NGINX Source Disclosure and Download Vulnerability | Click for Details | |
| 1070210000 | CVE-2013-0235: WordPress Multiple Security Vulnerabilities by XMLRPC API | Click for Details | |
| 1070210002 | CVE-2007-2481: WordPress wordTube and wp-Table Plugins Local or Remote File Inclusion(and CVE-2007-2482, CVE-2007-2483, CVE-2007-2484) | Click for Details | |
| 1070210006 | CVE-2009-3890: WordPress wp-includes/functions.php Unrestricted File Upload Vulnerability | Click for Details | |
| 1070210010 | CVE-2016-1209: WordPress Ninja Forms Plugin Arbitrary PHP Object Injection Vulnerability | Click for Details | |
| 1070210111 | CVE-2019-13505: WordPress Appointment Hour Booking Plugin XSS Vulnerability | Click for Details | |
| 1070210112 | CVE-2018-10969: WordPress Plugin Pie Register Blind SQL Injection Vulnerability. | Click for Details | |
| 1070210113 | CVE-2019-10692: WordPress Google Maps Plugin SQL Injection Vulnerability. | Click for Details | |
| 1070210117 | CVE-2018-15877: Wordpress Plainview Activity Monitor RCE Vulnerability. | Click for Details | |
| 1070210122 | CVE-2020-9371: Wordpress Plugin Appointment Booking Calendar Stored Cross Site Scripting Injection Vulnerability. | Click for Details | |
| 1070210051 | CVE-2017-14919: Node.js zlib windowBits Server Remote Denial of Service Vulnerability | Click for Details | ... |