WAF Rule Set Update Announcement
Name | waf.sig
Version | 1.2.23
StoneOS Version | 5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above
Release Date | 2025-2-21

New Rules (43)
Rule ID | Rule Name | Rule Details |
1070210399 | CVE-2019-25213:WordPress Plugin Advanced Access Manager aam-media Arbitrary File Reading Vulnerability | Click for Details | |
1070210394 | CVE-2022-40684:Fortinet Multiple Products Administrative Interface Authentication Bypass Vulnerability | Click for Details | |
1070210395 | CVE-2019-16057:DLink DNS 320 Remote Code Execution Vulnerability | Click for Details | |
1070210396 | CVE-2019-2616:Oracle Business Intelligence XML External Entity Injection Vulnerability | Click for Details | |
1070210397 | HongJing Human Resource Information Management System XML Entity Injection Vulnerability | Click for Details | |
1070210398 | CVE-2019-3929:Barco WePresent file_transfer.cgi Command Injection Vulnerability | Click for Details | |
1070210400 | FanRuan FineReport 11.0/FineBI 5.1 channel Deserialization Vulnerability | Click for Details | |
1070210401 | Tongda OA get_file.php Arbitrary File Download Vulnerability | Click for Details | |
1070210402 | CVE-2018-10561:Dasan GPON Authorization Bypass Vulnerability | Click for Details | |
1070210403 | CVE-2018-10562:GPON Routers Command Injection Vulnerability | Click for Details | |
1070210404 | Oracle E-Business Suite bispgraph.jsp Path Traversal Vulnerability | Click for Details | |
1070210405 | CVE-2023-38035:Ivanti Sentry Command Injection Vulnerability | Click for Details | |
1070210406 | CVE-2023-38205:Adobe ColdFusion Access Control Bypass Attack | Click for Details | |
1070210407 | Seeyon OA Arbitrary File Upload Vulnerability | Click for Details | |
1070210408 | Weaver OA E-Cology XXE Vulnerability | Click for Details | |
1070210409 | CVE-2019-9670:Zimbra Collaboration Autodiscover Servlet XXE Vulnerability | Click for Details | |
1070210410 | CVE-2020-8644:playSMS 1.4.3 Remote Code Execution Vulnerability | Click for Details | |
1070210411 | Seeyon OA syncConfigManager Method Remote Code Execution Vulnerability | Click for Details | |
1070210412 | Weaver E-Cology ifNewsCheckOutByCurrentUser SQL Injection Vulnerability | Click for Details | |
1070210413 | CVE-2021-36260:Hikvision Web Server Command Injection Vulnerability | Click for Details | |
1070210414 | CVE-2020-11978:Apache Airflow Example Dag Remote Code Execution Vulnerability | Click for Details | |
1070210415 | CVE-2023-20887:VMware Aria Operations Command Injection Vulnerability | Click for Details | |
1070210416 | Dahua Smart Park Arbitrary Password Reading Vulnerability | Click for Details | |
1070210417 | Tongxiang Human Resources Management Platform DownloadTemplate Arbitrary File Download Vulnerability | Click for Details | |
1070210418 | CVE-2021-26855: Microsoft Exchange Server-side Request Forge Vulnerability | Click for Details | |
1070210419 | CVE-2024-32113: Apache OFBiz Remote Command Execution Vulnerability | Click for Details | |
1070210420 | CVE-2023-50290: Apache Solr Environment Variable Information Leaks Vulnerability | Click for Details | |
1070210421 | CVE-2021-39226: Grafana Snapshot Authentication Bypass Vulnerability | Click for Details | |
1070210422 | Weaver E-Office API save_image Arbitrary File Upload Vulnerability | Click for Details | |
1070210423 | Weaver E-Office API FileDownload Arbitrary File Read Vulnerability | Click for Details | |
1070210424 | Weaver E-Cology API getFileViewUrl SSRF Vulnerability | Click for Details | |
1070210425 | Weaver E-cology System API ResourceServlet Arbitrary File Read Vulnerability | Click for Details | |
1070210426 | Weaver E-Office Init.php Arbitrary File Upload Vulnerability | Click for Details | |
1070210427 | Kingdee K3Cloud API GetServiceUri.common Deserialization Vulnerability | Click for Details | |
1070210428 | JeecgBoot commonController.do Arbitrary File Upload Vulnerability | Click for Details | |
1070210429 | CVE-2023-38992,CVE-2023-34603,CVE-2022-45205,CVE-2023-34602: JeecgBoot Multiple SQL Injection Vulnerability | Click for Details | |
1070210430 | Weaver E-Office 10 API welink-move Remote Code Execution Vulnerability | Click for Details | |
1070210431 | Weaver E-Office Arbitrary File Upload Vulnerability | Click for Details | |
1070210432 | Yonyou U8 doUpload.jsp Arbitrary File Upload Vulnerability | Click for Details | |
1070210433 | Weaver OA Ecology9 uploaderOperate.jsp Arbitrary File Upload Vulnerability | Click for Details | |
1070210434 | Weaver OA SptmForPortalThumbnail.jsp Arbitrary File Read Vulnerability | Click for Details | |
1070210435 | CVE-2020-7247:OpenSMTPD Remote Code Execution Vulnerability | Click for Details | |
1070310184 | CVE-2010-0738: RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass | Click for Details | |

Updated Rules (2)
Rule ID | Description | Rule Details |
1070210207 | CVE-2019-6340: Drupal Remote code execution | Click for Details | |
1040010000 | Apache Web Server Errors | Click for Details | |