WAF Rule Set Update Announcement

Name	waf.sig
Version	1.1.160
StoneOS Version	5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above
Release Date	2023-1-5
New Rules (1)	Rule ID	Rule Name	Rule Details
New Rules (1)	1070310175	CVE-2022-41966: XStream Denial of Service Vulnerability	Click for Details
Updated Rules (83)	Rule ID	Description	Ruel Details
	1030000003	Detect XSS Injection with JavaScript Function 'getparentfolder'	Click for Details
	1030000004	Detect XSS Injection with HTML Event 'onmousedown'	Click for Details
	1030000005	Detect XSS Injection via 'src' Attribute with 'shell:' Protocol	Click for Details
	1030000007	Detect XSS Injection with HTML Event 'onabort'	Click for Details
	1030000008	Detect XSS Injection with lowsrc=http	Click for Details
	1030000009	Detect XSS Injection with HTML Event 'onmouseup'	Click for Details
	1030000010	Detect XSS Injection via 'style=expression'	Click for Details
	1030000011	Detect XSS Injection via 'href' Attribute with 'shell:' Protocol	Click for Details
	1030000012	Detect XSS Injection with JavaScript Function 'createTextRange'	Click for Details
	1030000013	Detect XSS Injection with HTML Event 'ondragdrop'	Click for Details
	1030000014	Detect XSS Injection with JavaScript Function 'copyparentfolder'	Click for Details
	1030000015	Detect XSS Injection with HTML Event 'onunload'	Click for Details
	1030000016	Detect XSS Injection with JavaScript Function 'execscript'	Click for Details
	1030000017	Detect XSS Injection with JavaScript Function 'getspecialfolder'	Click for Details
	1030000018	Detect XSS Injection with '<body onload'	Click for Details
	1030000019	Detect XSS Injection with 'url=vbscript:'	Click for Details
	1030000020	Detect XSS Injection with HTML Event 'onkeydown'	Click for Details
	1030000021	Detect XSS Injection with HTML Event 'onmousemove'	Click for Details
	1030000022	Detect XSS Injection with 'livescript:'	Click for Details
	1030000023	Detect XSS Injection with HTML Event 'onblur'	Click for Details
	...