Modified WAF Objects: [total: 1]
==================================

Signature:
  ID: '708404'
  Name: HTTP Request Smuggling with Post - Detection
  Attack: Illegal Resource Access - Detection
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Detection for Web Applications
  Pattern: part="POST", rgxp="(?s)\A[\s\S]{0,30}\bPOST\s.{1,100}HTTP\/1\.\d"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

New WAF Objects: [total: 18]
==================================

Signature:
  ID: '708416'
  Name: 'CVE-2025-24893: XWiki - RCE'
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/xwiki/bin/get/Main/SolrSearch", part="rss", part="text", rgxp="groovy"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters

Policy:
  name: 'CVE-2025-57772, CVE-2025-57773: DataEase - RCE'
  id: '20000323'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: configuration
      operation: MatchRegExp
      value: ^[A-Za-z0-9]+$
    - part: url
      operation: includes
      value: /de2api/datasource/validate
    - part: parameter
      name: type
      operation: includes
      value: oracle
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST

Policy:
  name: 'CVE-2024-8069: Citrix Session Recording - RCE'
  id: '20000320'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: SOAPAction
      operation: includes
      value: MSMQMessage
    - part: url
      operation: includes
      value: /msmq/private$/citrixsmaudeventdata
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST

Policy:
  name: 'CVE-2025-54309: CrushFTP - authentication bypass'
  id: '20000318'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: username
      operation: MatchRegExp
      value: .
    - part: url
      operation: includes
      value: /WebInterface/function/
    - part: header
      name: AS2-TO
      operation: includes
      value: \crushadmin
    - part: header
      name: Cookie
      operation: includes
      value: CrushAuth
    - part: parameter
      name: command
      operation: includes
      value: setUserItem
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST

Policy:
  name: HTTP Request Smuggling with Content Encoding and Content-Length
  id: '20000317'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST
  - type: HTTP Request Header Name
    operation: At Least One
    values:
    - Content-Length
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Content-Encoding
      operation: includes
      value: chunked

Policy:
  name: 'HTTP Request Smuggling: Get/Head with Transfer Encoding'
  id: '20000322'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - HEAD
    - GET
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Transfer-Encoding
      operation: includes
      value: chunked
  - type: HTTP Request Header Name
    operation: At Least One
    values:
    - Content-Length

Policy:
  name: HTTP Request Smuggling General
  id: '20000313'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - PUT
    - PATCH
    - OPTIONS
  - type: Signatures
    operation: At Least One
    values:
    - '708411'
    - '708409'
    - '708414'
    - '708404'
    - '708413'
    - '708412'
    - '708410'

Signature:
  ID: '708415'
  Name: Alfa Team Shell Tesla 4.1 Remote Code Execution
  Attack: Backdoor/Trojan - Blocking
  Attack Class: Backdoor/Trojan
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="alfa", rgxp="(?:perl\.alfa\.php$|py\.alfa\.php$|bash\.alfa\.php$|bash.alfa$|perl.alfa$|py.alfa$)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url

Signature:
  ID: '708414'
  Name: HTTP Request Smuggling with Trace - Detection
  Attack: Illegal Resource Access - Detection
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Detection for Web Applications
  Pattern: part="TRACE", rgxp="(?s)\A[\s\S]{0,30}\bTRACE\s.{1,100}HTTP\/1\.\d"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

Policy:
  name: "CVE-2025-3515: WordPress - Drag and Drop File Upload"
  id: "20000312"
  minimum version: "10.0"
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: url
      operation: MatchRegExp
      value: (?:\/wp-content\/plugins\/drag-and-drop-multiple-file-upload-contact-form-7\/inc\/dnd-upload-cf7\.php|\/wp-admin\/admin-ajax\.php)
    - part: header
      name: Content-Type
      operation: includes
      value: multipart/form-data
    - part: parameter
      name: action
      operation: includes
      value: dnd_codedropz_upload
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST

Signature:
  ID: '708413'
  Name: HTTP Request Smuggling with Delete - Detection
  Attack: Illegal Resource Access - Detection
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Detection for Web Applications
  Pattern: part="DELETE", rgxp="(?s)\A[\s\S]{0,30}\bDELETE\s.{1,100}HTTP\/1\.\d"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

Signature:
  ID: '708412'
  Name: HTTP Request Smuggling with Patch - Detection
  Attack: Illegal Resource Access - Detection
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Detection for Web Applications
  Pattern: part="PATCH", rgxp="(?s)\A[\s\S]{0,30}\bPATCH\s.{1,100}HTTP\/1\.\d"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

Policy:
  name: "CVE-2025-53772: IIS WebDeploy - RCE"
  id: "20000311"
  minimum version: "10.0"
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Content-Length
      operation: MatchRegExp
      value: "0"
    - part: header
      name: MSDeploy.SyncOptions
      operation: MatchRegExp
      value: H4sI
    - part: url
      operation: includes
      value: /msdeploy.axd
    - part: header
      name: MSDeploy.Method
      operation: includes
      value: Sync

Signature:
  ID: '708411'
  Name: HTTP Request Smuggling with PUT - Detection
  Attack: Directory Traversal
  Attack Class: Directory Traversal
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="PUT", rgxp="(?s)\A[\s\S]{0,30}\bPUT\s.{1,100}HTTP\/1\.\d"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

Signature:
  ID: '708410'
  Name: HTTP Request Smuggling with HEAD - Detection
  Attack: Illegal Resource Access - Detection
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Detection for Web Applications
  Pattern: part="HEAD", rgxp="(?s)\A[\s\S]{0,30}\bHEAD\s.{1,100}HTTP\/1\.\d"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

Signature:
  ID: '708409'
  Name: HTTP Request Smuggling with GET - Detection
  Attack: Illegal Resource Access - Detection
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Detection for Web Applications
  Pattern: part="GET", rgxp="(?s)\A[\s\S]{0,30}\bGET\s.{1,100}HTTP\/1\.\d"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

Signature:
  ID: '708408'
  Name: XSS using concatenation obfuscation
  Attack: Cross-Site Scripting - Blocking
  Attack Class: Cross-Site Scripting
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="window", part="def", rgxp="\=window\b[\s\S]{1,20}def\=(\'|\`|\"|\+)[a-z]{1,20}(\'|\`|\"|\+)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - headers
  - url-and-parameters

Signature:
  ID: '708406'
  Name: 'CVE-2022-26135: Jira Mobile SSRF'
  Attack: Protocol Manipulation - Blocking
  Attack Class: Protocol Manipulation
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/rest/nativemobile/1.0/batch", part="requests.location"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters