WAF Rule Set Update Announcement

Name	waf.sig
Version	1.2.58
StoneOS Version	5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above
Release Date	2026-6-15
New Rules (20)	Rule ID	Rule Name	Rule Details
	1030010027	Detect XSS Injection with '<script>' Tag	Click for Details
	1060110037	WSDL Service Definition Scanner Detection	Click for Details
	1060110038	Website Backup File scanning Detection	Click for Details
	1090410107	JAVA Servlet Type MemoryShell Detection	Click for Details
	1090410108	JAVA Valve Type MemoryShell Detection	Click for Details
	1090410109	JAVA Filter Type MemoryShell Detection	Click for Details
	1040210003	OpenAPI Specification File Exposure	Click for Details
	1040210004	GraphQL/GraphiQL Schema File Exposure	Click for Details
	1040210005	WADL Application Definition File Exposure	Click for Details
	1040210006	Swagger UI/API Documentation Exposure	Click for Details
	1040210007	Spring Boot Actuator Sensitive Endpoint Exposure	Click for Details
	1070310280	CVE-2019-11248:Kubernetes Information Disclosure Vulnerability	Click for Details
	1070310281	Nsfocus VMWAF Password Reset Vulnerability	Click for Details
	1070310282	CVE-2026-5281:Google Use After Free Vulnerability	Click for Details
	1070310283	CVE-2026-21643:Fortinet FortiClientEMS SQL Injection Vulnerability	Click for Details
	1021010008	Detected XXE Injection Attack	Click for Details
	1021010009	Detected XXE Injection Attack With UTF-7 Encoding	Click for Details
	1020410040	Command Injection Deformed Attack	Click for Details
	1020410041	Command Injection Detection - Environment Variable Bypass	Click for Details
	1020810060	PHP Code Injection Attack	Click for Details