We are pleased to announce that a new updated WAF ruleset version 3.45 has been released to production.
Changelog
- Added rule id: 77316749 - IM360 WAF: Magento Webforms Arbitrary File Upload
- Added rule id: 77316750 - IM360 WAF: Yeager CMS Arbitrary File Upload (CVE-2015-7571)
- Added rule id: 77316751 - IM360 WAF: Vulnerable TimThumb script requested
- Added rule id: 77316752 - IM360 WAF: Unauthenticated Privilege Escalation Vulnerability in WordPress Ultimate Member < 2.1.12
- Updated rule id: 77140163 - IM360 WAF: PHP Injection Attack: Low-Value PHP Function Call Found
- Updated rule id: 77140164 - IM360 WAF: Infectors: PHP Injection Low value
- Updated rule id: 77134463 - IM360 WAF: PHP Injection Attack: High-Risk PHP Function Call Found
- Updated rule id: 77134464 - IM360 WAF: Infectors: PHP Injection High-Risk PHP Function
- Updated rule id: 77140916 - WordPress connector.minimal.php File Upload Vulnerability (CVE-2019-9194)
- Updated rule id: 77211120 - IM360 WAF: Remote File Inclusion Attack
- Updated rule id: 77211170 - IM360 WAF: Session Fixation: SessionID Parameter Name with Off-Domain Referer
- Updated rule id: 77211190 - IM360 WAF: Remote File Access Attempt
- Updated rule id: 77211270 - IM360 WAF: Arbitrary code execution vulnerability in Request URI
- Updated rule id: 77211630 - IM360 WAF: Detects blind sqli tests using sleep() or benchmark()
- Updated rule id: 77211700 - IM360 WAF: Detects conditional SQL injection attempts
- Updated rule id: 77316742 - IM360 WAF: Generic XSS exploitation attempt