New WAF Objects: [total: 14]
==================================

Signature:
  ID: '708499'
  Name: 'CVE-2025-53690: Sitecore XM/XP - RCE'
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/sitecore/default.aspx", part="__VIEWSTATE=", rgxp="__VIEWSTATE=(?!.*__VIEWSTATEGENERATOR=)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708496'
  Name: Admin & API Path Probing
  Attack: Directory Traversal
  Attack Class: Directory Traversal
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/admin.html", rgxp="(?:admin\/api\.Update\/get\/encode|admin\/api\.Update\/node)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Policy:
  name: 'CVE-2025-52691: Smarter Mail - RCE in JSON'
  id: '20000348'
  minimum version: '10.0'
  predicates:
    - type: HTTP Request
      operation: Match Any
      match values:
        - part: url
          operation: includes
          value: /api/v1/upload
        - part: url
          operation: includes
          value: /Services/Upload.ashx
        - part: url
          operation: includes
          value: /Interface/Frmx/UploadFile.aspx
        - part: url
          operation: includes
          value: /MRS/Upload.ashx
        - part: url
          operation: includes
          value: /api/upload
    - type: HTTP Request Content-Type (Header)
      operation: At Least One
      values:
        - application/json
    - type: HTTP Request
      operation: Match All
      match values:
        - part: parameter
          name: path
          operation: includes
          value: ../wwwroot/
    - type: HTTP Request Method
      operation: At Least One
      values:
        - POST

Policy:
  name: 'CVE-2025-52691: Smarter Mail - RCE'
  id: '20000347'
  minimum version: '10.0'
  predicates:
    - type: HTTP Request Method
      operation: At Least One
      values:
        - POST
    - type: HTTP Request
      operation: Match Any
      match values:
        - part: url
          operation: includes
          value: /Interface/Frmx/UploadFile.aspx
        - part: url
          operation: includes
          value: /api/v1/upload
        - part: url
          operation: includes
          value: /api/upload
        - part: url
          operation: includes
          value: /MRS/Upload.ashx
        - part: url
          operation: includes
          value: /Services/Upload.ashx
    - type: HTTP Request Header Value
      operation: At Least One
      name: X-Path
      values:
        - ../wwwroot

Policy:
  name: 'CVE-2025-67494: Zitadel Flaw Risk SSRF Internal Breach'
  id: '20000344'
  minimum version: '10.0'
  predicates:
    - type: HTTP Request Header Name
      operation: At Least One
      values:
        - x-zitadel-forward-host
    - type: HTTP Request
      operation: Match All
      match values:
        - part: url
          operation: includes
          value: /ui/v2/login

Signature:
  ID: '708493'
  Name: JavaScript obfuscation newline
  Attack: Cross-Site Scripting - Blocking
  Attack Class: Cross-Site Scripting
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="()>", rgxp="<\s{0,3}[^>]{1,50}=\s{0,3}j\s+a\s+v\s+a\s+s\s+c\s+r\s+i\s+p\s+t\s{0,3}:\s{0,3}[\s\S]{1,8}\(\)\>"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters

Signature:
  ID: '708492'
  Name: gs-netcat
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="gs-netcat", rgxp="\bgs-netcat\b"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url
    - parameters
    - headers

Signature:
  ID: '708193'
  Name: Sensitive Kubernetes data leakage
  Attack: Data Leakage - Blocking
  Attack Class: Data Leakage
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/var/run/secrets/kubernetes.io/serviceaccount"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708491'
  Name: Directory Traversal - "\windows\temp\php<<"
  Attack: Illegal Resource Access - Blocking
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="\x5cwindows\x5ctemp\x5cphp\x3c\x3c"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708490'
  Name: SQLi cross parameter comments - 2.2
  Attack: SQL Injection - Blocking
  Attack Class: SQL Injection
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="where", rgxp="^.{0,50}\*\/.{0,50}(having|like|matches|insert|delete|select|update|truncate|drop|alter|union|grant|revoke|char|group\s+by|waitfor|coalesce).{0,50}WHERE.{0,50}[^\*]\/\*.{0,50}$"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters

Signature:
  ID: '708489'
  Name: SQLi cross parameter comments - 2.1
  Attack: SQL Injection - Blocking
  Attack Class: SQL Injection
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="from", rgxp="^.{0,50}\*\/.{0,50}(having|like|matches|insert|delete|select|update|truncate|drop|alter|union|grant|revoke|char|group\s+by|waitfor|coalesce).{0,50}FROM.{0,50}[^\*]\/\*.{0,50}$"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters

Signature:
  ID: '708488'
  Name: SQLi cross parameter comments - 1.2
  Attack: SQL Injection - Blocking
  Attack Class: SQL Injection
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="where", rgxp="^.{0,50}(having|like|matches|insert|delete|select|update|truncate|drop|alter|union|grant|revoke|char|group\s+by|waitfor|coalesce).{0,50}\*\/([^\*]).{0,50}WHERE.{0,50}(?:[^\*]\/\*|\/\*\*\/).{0,50}$"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters

Signature:
  ID: '708487'
  Name: SQLi cross parameter comments - 1.1
  Attack: SQL Injection - Blocking
  Attack Class: SQL Injection
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="FROM", rgxp="^.{0,50}(having|like|matches|insert|delete|select|update|truncate|drop|alter|union|grant|revoke|char|group\s+by|waitfor|coalesce).{0,50}\*\/([^\*]).{0,50}FROM.{0,50}(?:[^\*]\/\*|\/\*\*\/).{0,50}$"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters

Signature:
  ID: '708486'
  Name: XSS bypass using var
  Attack: Cross-Site Scripting - Blocking
  Attack Class: Cross-Site Scripting
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part=";var", rgxp=".{1,20}(\<\!).{1,20}\=.{1,20}(\;var\s\w{1,15}=.{1,20}){2,}\[.{1,40}\]\(\)\;.{1,10}\>"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters
    - headers
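A way to check what the signature entries above actually fire on before turning them loose in blocking mode, written as an added example for this listing; it is not the vendor's matching engine, and its semantics are assumptions: every literal `part` must appear as a substring, the `rgxp` is then applied case-insensitively, `url-and-parameters` is searched as the request URL plus raw body, and `parameters` is searched one decoded value at a time. The `Request`, `Signature`, `scan` and `run_samples` names and the sample requests are constructed here, not taken from the page. Three patterns are copied verbatim from the listing (708499, 708492, 708490); the third ViewState sample shows that the negative lookahead in 708499 only scans forward, so a body that places `__VIEWSTATEGENERATOR=` before `__VIEWSTATE=` still matches.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit


@dataclass
class Request:
    """Constructed HTTP request: path+query as on the request line, headers, raw body."""
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""

    def targets(self, scope):
        # Text a signature is run against per `Search In` scope. This mapping is an
        # assumption of the harness: URL plus raw body for url-and-parameters, each
        # decoded parameter value on its own for parameters, "Name: value" for headers.
        if scope == "url":
            return [self.url]
        if scope == "url-and-parameters":
            return [self.url + " " + self.body]
        if scope == "parameters":
            query = urlsplit(self.url).query
            return [v for _, v in parse_qsl(query + "&" + self.body, keep_blank_values=True)]
        if scope == "headers":
            return [f"{name}: {value}" for name, value in self.headers.items()]
        raise ValueError(f"unknown scope {scope!r}")


class Signature:
    """One `Signature:` entry: its ID, the Pattern line verbatim, and its Search In scopes."""

    def __init__(self, sid, pattern, search_in):
        self.sid, self.search_in, self.parts, self.rgxp = sid, search_in, [], None
        for key, value in re.findall(r'(\w+)="(.*?)"(?=, |$)', pattern):
            if key == "part":
                self.parts.append(value.lower())
            elif key == "rgxp":
                self.rgxp = re.compile(value, re.IGNORECASE)  # case-insensitivity assumed

    def matches(self, text):
        # Every literal `part` must be present (cheap pre-filter); the regex then decides.
        if not all(part in text.lower() for part in self.parts):
            return False
        return self.rgxp is None or self.rgxp.search(text) is not None


def scan(request, signatures):
    """IDs of the signatures that fire on the request, in listing order."""
    return [sig.sid for sig in signatures
            if any(sig.matches(t) for scope in sig.search_in for t in request.targets(scope))]


# Pattern and Search In values copied from the listing above.
SIGNATURES = [
    Signature("708499", 'part="/sitecore/default.aspx", part="__VIEWSTATE=", '
                        'rgxp="__VIEWSTATE=(?!.*__VIEWSTATEGENERATOR=)"', ("url-and-parameters",)),
    Signature("708492", r'part="gs-netcat", rgxp="\bgs-netcat\b"', ("url", "parameters", "headers")),
    Signature("708490", r'part="where", rgxp="^.{0,50}\*\/.{0,50}(having|like|matches|insert|delete'
                        r'|select|update|truncate|drop|alter|union|grant|revoke|char|group\s+by|waitfor'
                        r'|coalesce).{0,50}WHERE.{0,50}[^\*]\/\*.{0,50}$"', ("parameters",)),
]

# Constructed sample traffic, not captured data.
SAMPLES = {
    # ViewState with no generator field: the CVE-2025-53690 signature should fire
    "viewstate_no_generator": Request("POST", "/sitecore/default.aspx",
                                      body="__VIEWSTATE=AAEAAAD%2F%2F%2F%2F%2FAQAAAA%3D%3D"),
    # normal WebForms postback, generator follows the ViewState: must not fire
    "viewstate_with_generator": Request("POST", "/sitecore/default.aspx",
                                        body="__VIEWSTATE=dDwtMTI3&__VIEWSTATEGENERATOR=CA0B0334"),
    # same two fields, generator first: the lookahead only looks forward, so it still fires
    "viewstate_generator_first": Request("POST", "/sitecore/default.aspx",
                                         body="__VIEWSTATEGENERATOR=CA0B0334&__VIEWSTATE=dDwtMTI3"),
    "gs_netcat_in_header": Request("GET", "/index.html", headers={"User-Agent": "gs-netcat/1.4"}),
    # one parameter carrying a comment-bounded fragment (cross-parameter comments 2.2)
    "sqli_cross_parameter": Request("GET", "/search?q=%2A%2F+select+1+where+1%3D1+%2F%2A&page=1"),
    # the `where` pre-filter alone is not enough; the regex needs the comment delimiters
    "benign_where": Request("GET", "/search?q=where+is+the+store"),
}


def run_samples():
    """Map each sample name to the signature IDs that fire on it."""
    return {name: scan(req, SIGNATURES) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:28s} -> {hits or 'clean'}")
```

Run it as-is to see which sample trips which ID; to vet a different entry from the listing, paste its Pattern line and Search In scopes into `SIGNATURES` and add a request that should and one that should not match. The order-swapped ViewState case is the one to keep an eye on: it is harmless in blocking mode for an attack signature, but it means the exclusion in 708499 is positional rather than a true "generator field absent" check.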