WAF Rule Set Update Announcement
Name | waf.sig
Version | 1.2.22
StoneOS Version | 5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above
Release Date | 2025-1-22

New Rules (46)
Rule ID | Rule Name
1070210351 | Weaver OA e-cology Action.jsp MobileAppUploadAction Arbitrary File Upload Vulnerability
1070210352 | Weaver E-cology clusterupgrade File Upload Vulnerability
1070210353 | Qunjie Seal IoT Management Platform rest Password Reset Vulnerability
1070210354 | H3C IMC dynamiccontent.properties.xhtm Remote Code Execution Vulnerability
1070210355 | CVE-2022-43140:kkFileView v4.1.0 SSRF Vulnerability
1070210356 | CVE-2019-17382:Zabbix SIA Zabbix Authentication Bypass Vulnerability
1070210357 | CVE-2023-4450:JEECG-BOOT Template Injection Vulnerability
1070210358 | CVE-2023-42793:JetBrains TeamCity Authentication Bypass Vulnerability
1070210359 | Richtech RDV Arbitrary File Read Vulnerability
1070210360 | Sangfor NGAF loadfile.php Arbitrary File Read Vulnerability
1070210361 | Sangfor NGAF login.cgi Remote Command Execution Vulnerability
1070210362 | TopSec TopACM static_convert.php Remote Command Execution Vulnerability
1070210363 | Panabit iXCache date_config Command Execution Vulnerability
1070210364 | Yonyou NC ActionHandlerServlet Arbitrary Command Execution Vulnerability
1070210365 | Wanhu OA GeneralWeb XXE Vulnerability
1070210366 | Lingdang CRM Arbitrary File Read Vulnerability
1070210367 | Topsec TopSAG synRequest Remote Command Execution Vulnerability
1070210368 | CVE-2023-49103:OwnCloud Phpinfo Information Disclosure Vulnerability
1070210369 | CVE-2023-50164:Apache Struts2 Arbitrary File Upload Vulnerability
1070210370 | Jinher OA C6 editeprint.aspx Arbitrary File Upload Vulnerability
1070210371 | NginxWebUI Remote Command Execution Vulnerability
1070210372 | FeiYuXing Internet Behavior Management Router send_order.cgi Remote Code Execution Vulnerability
1070210373 | CVE-2024-29202,CVE-2024-40629:JumpServer Remote Code Execution Vulnerability
1070210374 | CVE-2024-22024:Ivanti Pulse Connect Secure VPN XXE Vulnerability
1070210375 | Weaver E-Cology ln.FileDownload Arbitrary File Read Vulnerability
1070210376 | CVE-2023-6893:Hikvision Intercom Broadcasting System Path Traversal Vulnerability
1070210377 | CVE-2023-20888:VMware Aria Operations for Networks Deserialization Vulnerability
1070210378 | CVE-2024-22927:EyouCms v.1.6.5 XSS Vulnerability
1070210379 | Weaver E-Cology ResourceServlet File Read Vulnerability
1070210380 | CVE-2023-23333:SolarView Compact 6.00 Command Injection Vulnerability
1070210381 | CVE-2023-6895:Hikvision Intercom Broadcasting System ping.php Command Injection Vulnerability
1070210382 | CVE-2023-36844:Juniper Junos OS EX Remote Code Execution Vulnerability
1070210383 | CVE-2024-23897:Jenkins CLI Arbitrary File Read Vulnerability
1070210384 | CVE-2023-20073:Cisco Router Arbitrary File Upload Vulnerability
1070210385 | Yonyou U8 CRM import.php Arbitrary File Upload Vulnerability
1070210386 | Vesystem Cloud Desktop newserver Remote Command Execution Vulnerability
1070210387 | CVE-2020-8193:Citrix ADC Remote Command Execution Vulnerability
1070210388 | CVE-2023-30534:Cacti Deserialization Vulnerability
1070210389 | CVE-2022-36804:Atlassian Bitbucket Command Injection Vulnerability
1070210390 | CVE-2021-42237:Sitecore XP Remote Code Execution Vulnerability
1070210391 | CVE-2021-34473:Microsoft Exchange ProxyShell Remote Code Execution Vulnerability
1070210392 | CVE-2021-22986:F5 BIG-IP Remote Code Execution Vulnerability
1070210393 | aaPanel PHPmyadmin Unauthorized Access Vulnerability
1070110083 | CVE-2024-44902,CVE-2024-48112:ThinkPHP Deserialization Vulnerability
1070110084 | ThinkPHP Debug mode log information Leakage Vulnerability
1070310183 | CVE-2022-25845:Fastjson Deserialization Vulnerability by Using org.codehaus.groovy

Updated Rules (5)
Rule ID | Description
1070210338 | CVE-2019-2618:Oracle WebLogic Server DeploymentServiceServlet Arbitrary File Upload Vulnerability
1070210341 | CVE-2024-8190:Ivanti Cloud Services Appliance Command Injection Vulnerability
1070210348 | Weaver E-Cology KtreeUploadAction Arbitrary File Upload Vulnerability
1070210349 | Weaver e-cology DBconfigReader Information Leakage Vulnerability
1070210350 | Weaver e-cology ofsLogin.jsp Arbitrary User Login Vulnerability