Imunify360 Blog

WAF Rules v.3.45 Released

Written by Alexandre Parubochyi | Nov 12, 2020 10:35:18 AM

 

We are pleased to announce that a new updated WAF ruleset version 3.45 has been released to production.

Changelog

  • Added rule id: 77316749 - IM360 WAF: Magento Webforms Arbitrary File Upload
  • Added rule id: 77316750 - IM360 WAF: Yeager CMS Arbitrary File Upload (CVE-2015-7571)
  • Added rule id: 77316751 - IM360 WAF: Vulnerable TimThumb script requested
  • Added rule id: 77316752 - IM360 WAF: Unauthenticated Privilege Escalation Vulnerability in WordPress Ultimate Member < 2.1.12
  • Updated rule id: 77140163 - IM360 WAF: PHP Injection Attack: Low-Value PHP Function Call Found
  • Updated rule id: 77140164 - IM360 WAF: Infectors: PHP Injection Low value
  • Updated rule id: 77134463 - IM360 WAF: PHP Injection Attack: High-Risk PHP Function Call Found
  • Updated rule id: 77134464 - IM360 WAF: Infectors: PHP Injection High-Risk PHP Function
  • Updated rule id: 77140916 - WordPress connector.minimal.php File Upload Vulnerability (CVE-2019-9194)
  • Updated rule id: 77211120 - IM360 WAF: Remote File Inclusion Attack
  • Updated rule id: 77211170 - IM360 WAF: Session Fixation: SessionID Parameter Name with Off-Domain Referer
  • Updated rule id: 77211190 - IM360 WAF: Remote File Access Attempt
  • Updated rule id: 77211270 - IM360 WAF: Arbitrary code execution vulnerability in Request URI
  • Updated rule id: 77211630 - IM360 WAF: Detects blind sqli tests using sleep() or benchmark()
  • Updated rule id: 77211700 - IM360 WAF: Detects conditional SQL injection attempts
  • Updated rule id: 77316742 - IM360 WAF: Generic XSS exploitation attempt