New WAF Objects: [total: 8]
==================================

Policy:
  name: 'CVE-2025-60012: Apache Livy - Unauthorized File Access'
  id: '20000356'
  minimum version: '10.0'
  predicates:
    - type: HTTP Request Method
      operation: At Least One
      values:
        - post
    - type: HTTP Request
      operation: Match All
      match values:
        - part: header
          name: Content-Type
          operation: includes
          value: application/json
    - type: HTTP Request
      operation: Match Any
      match values:
        - part: url
          operation: includes
          value: /batches
        - part: url
          operation: includes
          value: /sessions
    - type: HTTP Request
      operation: Match Any
      match values:
        - part: parameter
          name: conf.spark.jars
          operation: MatchRegExp
          value: file:\/\/
        - part: parameter
          name: conf.spark.archives
          operation: MatchRegExp
          value: file:\/\/

Policy:
  name: 'CVE-2026-3055: NetScaler ADC and NetScaler Gateway - Memory Overread'
  id: '20000355'
  minimum version: '10.0'
  predicates:
    - type: HTTP Request Parameter Name
      operation: At Least One
      values:
        - SAMLRequest
    - type: HTTP Request
      operation: Match Any
      match values:
        - part: parameter
          name: SAMLRequest
          operation: DoesNotInclude
          value: ProtocolBinding
        - part: parameter
          name: SAMLRequest
          operation: DoesNotInclude
          value: AssertionConsumerServiceURL
    - type: HTTP Request Method
      operation: At Least One
      values:
        - post
    - type: HTTP Request
      operation: Match All
      match values:
        - part: url
          operation: includes
          value: /saml/login

Signature:
  ID: '708533'
  Name: XSS bypass using data, javascript, base64
  Attack: Cross-Site Scripting - Blocking
  Attack Class: Cross-Site Scripting
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="data", part="javascript", part="base64", rgxp="data\:\s?(application|text)\/javascript[^,]{0,50}\;base64\,(?:[A-Za-z0-9+\/]{20,}={0,2})++(?![^>]{0,5}\>\<)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters
    - headers

Signature:
  ID: '708532'
  Name: 'CVE-2026-3055: NetScaler ADC and NetScaler Gateway - Memory Overread'
  Attack: Illegal Resource Access - Blocking
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/saml/login", part="SAMLRequest=", rgxp="(^|&)SAMLRequest=(?!(?=[\s\S]*AssertionConsumerServiceURL)(?=[\s\S]*ProtocolBinding))[\s\S]*($|&)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708531'
  Name: 'CVE-2026-3055: NetScaler ADC and NetScaler Gateway - Memory Overread #2'
  Attack: Authentication Bypass - Blocking
  Attack Class: Authentication Bypass
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/wsfed/passive", rgxp="wctx\=?$"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708529'
  Name: 'Magento PolyShell: Unauthenticated File Upload to RCE in Magento'
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/rest/default/V1/guest-carts/", part="cart_item.product_option.extension_attributes.custom_options.extension_attributes.file_info.base64_encoded_data"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708528'
  Name: 'CVE-2026-3584 : WordPress Kali Forms- Unauthenticated RCE'
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/wp-admin/admin-ajax.php", part="action=kaliforms_form_process", part="data[formId]", rgxp="(data\[thisPermalink\]|data\[entryCounter\])"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708527'
  Name: Apache FOP PostScript String Escape Injection
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="person/prenom", rgxp="person\/prenom\=.{100,}"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters