New WAF Objects: [total: 5]
==================================
Signature:
    ID: '708519'
    Name: 'CVE-2026-22200: osTicket - information disclosure'
    Attack: Illegal Resource Access - Blocking
    Attack Class: Illegal Resource Access
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="url&#34(php", rgxp="url\&\#34\(php.{1,3}\/\/"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - parameters
    - headers

Policy:
  name: Block .htaccess and variants - .bak, .copy etc
  id: '20000354'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: url
      operation: MatchRegExp
      value: \.htaccess(\.swp|\.1|\.bak|\.copy|\.old|\.tmp|\.\~1\~|\~)?$

Signature:
    ID: '708518'
    Name: 'CVE-2025-40552,CVE-2025-40553,CVE-2025-40554: SolarWinds Help Desk - Authentication
    Bypass, RCE 2'
    Attack: Remote Command Execution - Blocking
    Attack Class: Remote Command Execution
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="/helpdesk/WebObjects/Helpdesk.woa/ajax/9.7.43.0.0.0.4.3.7.0.7.1.1.1", part="method=system.listMethods"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708517'
    Name: 'CVE-2025-40552,CVE-2025-40553,CVE-2025-40554: SolarWinds Help Desk - Authentication
    Bypass, RCE 1'
    Attack: Remote Command Execution - Blocking
    Attack Class: Remote Command Execution
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="/helpdesk/WebObjects/Helpdesk.woa/ajax/9.7.43.0.0.0.4.3.7.0.7.1.1.1", part="method=wopage.", part="params.javaClass", part="params.userOverridesAsString"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708516'
    Name: XSS Bypass using HTMLi Double URL Encoding  and HTML Entities
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="javascript", rgxp="javascript[\s\S]{1,20}\/on[\s\S]{1,20}=[\s\S]{1,40};[\s\S]{1,20};"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - parameters