Modified WAF Objects: [total: 1] ================================== Policy: name: Content-Type multipart/form-data RFC violation id: '20000330' minimum version: '10.0' predicates: - type: HTTP Request operation: Match All match values: - part: header name: Content-Type operation: MatchRegExp value: boundary[\s\S]{1,200}[\;\s]\bboundary(\*\d{1,5})?\s?= - part: header name: Content-Type operation: includes value: multipart/form-data New WAF Objects: [total: 7] ================================== Signature: ID: '708437' Name: CVE-2024-21650 XWiki Platform RCE Pattern: part="/xwiki/rest/wikis/xwiki/spaces/security/users", part="html", part="async", part="groovy" Attack: Remote Command Execution - Blocking Attack Class: Remote Command Execution Dictionary: Recommended for Blocking for Web Applications Policy: Recommended Signatures Policy for Web Applications Search In: - url-and-parameters Signature: ID: '708436' Name: CVE-2023-42793 TeamCity RCE Pattern: part="/app/rest/debug/processes", part="exePath=" Attack: Remote Command Execution - Blocking Attack Class: Remote Command Execution Dictionary: Recommended for Blocking for Web Applications Policy: Recommended Signatures Policy for Web Applications Search In: - url-and-parameters Signature: ID: '708435' Name: 'CVE-2025-11533: WP Freeio Plugin - Privilege Escalation' Attack: Authentication Bypass - Blocking Attack Class: Authentication Bypass Dictionary: Recommended for Blocking for Web Applications Pattern: part="wp_freeio_ajax_register", part="wp_freeio_ajax_register", rgxp="role\=\s?administrator" Policy: Recommended Signatures Policy for Web Applications Search In: - url-and-parameters Policy: name: 'CVE-2025-59287: WSUS - RCE' id: '20000331' minimum version: '10.0' predicates: - type: HTTP Request operation: Match All match values: - part: parameter name: GetCookie/authCookies/AuthorizationCookie/CookieData operation: MatchRegExp value: '[\s\S]{1000,}' - part: header name: SOAPAction operation: includes value: http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie - part: url operation: includes value: /ClientWebService/Client.asmx - type: HTTP Request Method operation: At Least One values: - POST Signature: ID: '708434' Name: SQLI select from hex encoded payload Attack: SQL Injection - Blocking Attack Class: SQL Injection Dictionary: Recommended for Blocking for Web Applications Pattern: part="select", part="into", part="from", part="execute", rgxp="[\'\"\`]{1,5}\)?;?select\s0x[a-fA-F0-9]{3,}\sinto[\s\S]{5,100}from[\s\S]{1,100}execute" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708433' Name: 'CVE-2025-54236: Magento RCE 2' Pattern: part="customer/address_file/upload", part="sess_" Attack: Remote Command Execution - Blocking Attack Class: Remote Command Execution Dictionary: Recommended for Blocking for Web Applications Policy: Recommended Signatures Policy for Web Applications Search In: - url-and-parameters Signature: ID: '708432' Name: 'CVE-2025-54236: Magento RCE' Pattern: part="/rest/default/V1/guest-carts/", part="sessionConfig", part="savePath" Attack: Remote Command Execution - Blocking Attack Class: Remote Command Execution Dictionary: Recommended for Blocking for Web Applications Policy: Recommended Signatures Policy for Web Applications Search In: - url-and-parameters