<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">

WAF rulesets released

Feb 26, 2020 5:38:07 PM / by Inessa Atmachian

WAF Rules Production

We are pleased to announce that new updated WAF rulesets are released.

Changelog

version 2.88

  • A few rules are modified for more accurate responses
  • Block malicious plugin requests Solid Best Corp
  • Fix false positive case in User Profile & Membership plugin
  • Fix false positive case in a rule for tracking System Command Injection Attempt
  • Cover file upload vulnerability in comsexycontactform for Joomla!
  • Cover file upload vulnerability in com_jwallpapers

version 2.89

  • Improve a rule for a standalone malware access attempt
  • Update logic to track and block malware access

version 2.90

  • Cover path traversal vulnerability in com_foxcontact component for Joomla!
  • Cover Remote SQL injection vulnerability in Lokomedia CMS
  • Cover file upload vulnerability in com_weblinks component dor Joomla!
  • Cover file upload vulnerability in tdpsthemeoptionpanel module
  • Cover file upload vulnerability in pk_vertflexmenu module

version 2.91

  • Update the logic to track and block malware access
  • Improve the logic for WordPress bruteforce prevention

version 2.92

  • Cover vulnerability in ThemeGrill Demo Importer
  • Cover XSS vulnerability in Joomla before 3.9.2
  • Update logic to detect conditional SQL injection attempts
  • Cover basic MongoDB SQL injection attempts
  • Update logic to track and block malware access

Stay in touch

If you encounter any problems with the product or you have feedback and ideas to share, please send a request to our Imunify support team via cloudlinux.zendesk.com.

 

Topics: WAF, Release

Inessa Atmachian

Written by Inessa Atmachian

Inessa Atmachian is a Technical Writer. She is responsible for developing technical product documentation for CloudLinux OS, KernelCare, and Imunify360 products. She provides customers with release notes and information on product updates.