Imunify360 Blog

WAF Rules v.3.29 Released

Written by Alexandre Parubochyi | Aug 26, 2020 6:04:35 AM

 

We are pleased to announce that new updated WAF rulesets versions 3.23 to 3.29 have been released to production.

Imunify360 WAF v3.29 (Aug 25)

  • Updated rule id: 33341 - IM360 WAF: Block file upload for Infectors
  • Added rule id: 77316719,77316720,77316721,77316718 - IM360 WAF: Block spam in Joomla
  • Deleted rule id: 77225180,77225181 - IM360 WAF: Tracking possible DoS attempt in WordPress before 4.7.3 (CVE-2017-6819)
  • Updated rule id: 77140824 - IM360 WAF: ThinkPHP 5.X RCE
  • Updated rule id: 77141051 - IM360 WAF: WordPress WPvivid Backup < 0.9.36 CSRF attempt
  • Updated rule id: 77141052 - IM360 WAF: WordPress WPvivid Backup < 0.9.36 Auth Bypass
  • Updated rule id: 77142112,77142170,77142171 - IM360 WAF: Combined Attack on Elementor Pro and Ultimate Addons
  • Updated rule id: 77142176 - IM360 WAF: SQLi in Smart Google Code Inserter before 3.5 plugin for WordPress (CVE-2018-3810)
  • Updated rule id: 77211160 - IM360 WAF: Session Fixation Attack
  • Updated rule id: 77211170 - IM360 WAF: Session Fixation: SessionID Parameter Name with Off-Domain Referer
  • Updated rule id: 77211190 - IM360 WAF: Remote File Access Attempt
  • Updated rule id: 77211200 - IM360 WAF: System Command Access
  • Updated rule id: 77211210 - IM360 WAF: System Command Injection Attempt
  • Updated rule id: 77211230 - IM360 WAF: PHP Injection Attack

Imunify360 WAF v3.28 (Aug 20)

  • Added rule id: 33370 - IM360 WAF: IP address is listed in blocklist bl_ips
  • Added rule id: 77142256 - IM360 WAF: Block nulled themes pingbacks
  • Added rule id: 77142257 - IM360 WAF: Zeroshell RCE
  • Updated rule id: 77141095 - Block spam in PrestaShop
  • Updated rule id: 77142192 - Track spam in PrestaShop
  • Updated rule id: 77142247 - IM360 WAF: WordPress WP Custom Pages 0.5.0.1 LFI
  • Updated rule id: 77142248 - IM360 WAF: WordPress Mac Photo Gallery plugin arbitrary file disclosure vulnerability

Imunify360 WAF v3.27 (Aug 15)

  • Added rule id: 77142253 - IM360 WAF: WordPress plugin Quiz and Survey Master - Unauthenticated Arbitrary File Upload leading to Remote Code Execution
  • Added rule id: 77142254 - IM360 WAF: WordPress plugin Quiz and Survey Master - Unauthenticated Arbitrary File Deletion
  • Added rule id: 77142255 - IM360 WAF: WordPress plugin wpStoreCart - Unauthenticated Arbitrary File Upload leading to Remote Code Execution

Imunify360 WAF v3.26 (Aug 13)

  • Added rule id: 77142252 - IM360 WAF: vBulletin RCE bypass (CVE-2019-16759)
  • Updated rule id: 77210350 - IM360 WAF: Multiple/Conflicting Connection Header Data Found

Imunify360 WAF v3.25 (Aug 12)

  • Added rule id: 77142250,77142251 - IM360 WAF: PrestaShop Responsive Mega Menu module < 1.7.2.5 arbitrary code execution (CVE-2018-8823)
  • Added rule id: 77142249 - IM360 WAF: WordPress MiwoFTP Plugin 1.0.5 Arbitrary File Download
  • Added rule id: 77142247 - IM360 WAF: WordPress WP Custom Pages 0.5.0.1 LFI
  • Added rule id: 77142248 - IM360 WAF: WordPress Mac Photo Gallery plugin arbitrary file disclosure vulnerability

Imunify360 WAF v3.24 (Aug 7)

  • Added rule id: 33366 - IM360 WAF: Local WP unsuccessful login attempt
  • Added rule id: 33367 - IM360 WAF: Local WP brute force
  • Added rule id: 77142241 - IM360 WAF: WordPress plugin wpDiscuz - Unauthenticated Arbitrary File Upload leading to Remote Code Execution
  • Added rule id: 77142242 - IM360 WAF: PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection
  • Added rule id: 77142243 - IM360 WAF: Stored XSS Vulnerability in Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin (CVE-2020-15038)
  • Added rule id: 77142244 - IM360 WAF: Malware interaction detected (SMW-INJ-15429)
  • Added rule id: 77142245 - IM360 WAF: RCE on SEOmatic < 3.3.0 (CVE-2020-9757)
  • Added rule id: 77142246 - IM360 WAF: WordPress Divi Theme - Unauthenticated Arbitrary File Upload leading to Remote Code Execution
  • Updated rule id: 77140774 - IM360 WAF: Unauthenticated Open Redirect vulnerability in Newsletter Manager plugin for WordPress
  • Updated rule id: 77141095 - IM360 WAF: Block spam in PrestaShop
  • Updated rule id: 77142192 - IM360 WAF: Track spam in PrestaShop
  • Updated rule id: 77142214,77142215 - IM360 WAF: SQLi in JM Car Classifieds CarAgent Templates Joomla Plugin

Imunify360 WAF v3.23 (Jul 31)

  • Added rule id: 77142222-77142227 - IM360 WAF: letsmakeparty3 campaign - malware redirection
  • Added rule id: 77142230-77142235 - IM360 WAF: letsmakeparty3 campaign - malware redirection (fs_set_db_option)
  • Added rule id: 77142228 - IM360 WAF: WordPress plugin TC Custom JavaScript - Unauthenticated Stored Cross-Site Scripting (CVE-2020-14063) - direct exploitation variation
  • Added rule id: 77142229 - IM360 WAF: WordPress plugin TC Custom JavaScript - Unauthenticated Stored Cross-Site Scripting (CVE-2020-14063) - CSRF variation
  • Added rule id: 77142238-77142240 - IM360 WAF: Spam prevention via contact form
  • Deleted rule id: 77142211 - Shell Upload in Joomla 3.x
  • Updated rule id: 77140166 - IM360 WAF: Blocking directory traversal attempt
  • Updated rule id: 77140992 - Suspicious access attempt (WP folders)!
  • Updated rule id: 77142102,77142167 - IM360 WAF: Block URI containing malicious URLs
  • Updated rule id: 77142220 - Unauthenticated SQL Injection in Payment Form For Paypal Pro < 1.1.65
  • Updated rule id: 77225180,77225181 - IM360 WAF: Tracking possible DoS attempt in WordPress before 4.7.3 (CVE-2017-6819)
  • Updated rule id: 77225230 - IM360 WAF: Track same forbidden symbols to Ignore signature for WordPress
  • Updated rule id: 77225250 - IM360 WAF: Track unauthenticated request in WordPress
  • Updated rule id: 77226651 - IM360 WAF: CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress (CVE-2015-0895)
  • Updated rule id: 77231151 - IM360 WAF: XSS vulnerability in the EntityBulkDelete module 7.x-1.0 for Drupal (CVE-2015-4386)
  • Updated rule id: 77240022 - IM360 WAF: Protecting WordPress Creative Contact Form Files folder