WAF Rule Set Update Announcement
Name | waf.sig
Version | 1.2.25
StoneOS Version | 5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above
Release Date | 2025-3-19

New Rules (27)
Rule ID | Rule Name | Rule Details |
1070210441 | Sangfor VPN Arbitrary User Add Vulnerability | Click for Details | |
1070210442 | Weaver E-Office downfile.php Arbitrary File Read Vulnerability | Click for Details | |
1070210443 | Zabbix 5.0.17 Remote Code Execution Vulnerability | Click for Details | |
1070210444 | CVE-2017-3066:Adobe ColdFusion Deserialization Vulnerability | Click for Details | |
1070210445 | CVE-2017-1000486:Primetek Primefaces Remote Code Execution Vulnerability | Click for Details | |
1070210446 | Weaver OA API profile Permission Bypass Vulnerability | Click for Details | |
1070210447 | Kingdee Cloud K3 API common.kdsvc Deserialization Vulnerability | Click for Details | |
1070210448 | Wanhu OA API downloadhttp.jsp Arbitrary File Download Vulnerability | Click for Details | |
1070210449 | CVE-2023-22515: Atlassian Confluence Privilege Promotion Vulnerability | Click for Details | |
1070210450 | IP-guard WebServer Arbitrary File Read Vulnerability | Click for Details | |
1070210451 | Smartbi API EngineAddress Permission bypass Vulnerability | Click for Details | |
1070210452 | CVE-2024-42323:Apache HertzBeat SnakeYaml Deserialization Vulnerability | Click for Details | |
1070210453 | CVE-2020-7012:Kibana 7.6.2 upgrade-assistant-telemetry Code Injection Vulnerability | Click for Details | |
1070210454 | CVE-2020-7012:Kibana 7.6.2 upgrade-assistant-telemetry Code Injection Vulnerability | Click for Details | |
1070210455 | CVE-2022-21500:Oracle E-Business Suite Authentication Bypass Vulnerability | Click for Details | |
1070210456 | CVE-2024-7704:Weaver e-cology Information Disclosure Vulnerability | Click for Details | |
1070210457 | Weaver E-Office login_quick.php Authentication Bypass Vulnerability | Click for Details | |
1070210458 | Weaver E-Office diarydo.php SQL Injection Vulnerability | Click for Details | |
1070210459 | Weaver E-Office uploadify.php Arbitrary File Upload Vulnerability | Click for Details | |
1070210460 | Weaver E-Office new_edit_do.php File Coverage Vulnerability | Click for Details | |
1070210461 | Weaver OA API json.php SQL Injection Vulnerability | Click for Details | |
1070210462 | Weaver E-office 9.5 API index.php Unauthorized SQL Injection Vulnerability | Click for Details | |
1070210463 | Weaver E-office API datas Information Leakage Vulnerability | Click for Details | |
1070210464 | Weaver OA API uploadFileClient.jsp Arbitrary File Upload Vulnerability | Click for Details | |
1070210465 | CVE-2021-26919:Apache Druid JDBC connection properties Remote Code Execution Vulnerability | Click for Details | |
1070110085 | Spring Boot Actuator Unauthorized Access | Click for Details | |
1070110086 | Spring Boot Actuator Unauthorized Access | Click for Details | |

Updated Rules (30)
Rule ID | Description | Rule Details |
1070010034 | Apache Tomcat Sample Directory Session Manipulation Vulnerability | Click for Details | |
1070110069 | CVE-2022-22965: Spring Core Remote Code Execution Vulnerability | Click for Details | |
1070110071 | CVE-2022-22978: Spring Security Authentication Bypass Vulnerability | Click for Details | |
1070110072 | CVE-2018-1273: Spring Data Commons Remote Code Execution Vulnerability | Click for Details | |
1070110075 | CVE-2011-2730: Spring EL Expression Injection Vulnerability | Click for Details | |
1070110076 | CVE-2017-8046: Spring Data Rest Remote Code Execution Vulnerability | Click for Details | |
1070110077 | CVE-2018-1270: Spring Messaging Remote Code Execution Vulnerability | Click for Details | |
1070110082 | Spring Boot Actuator Unauthorized Access Vulnerability | Click for Details | |
1070310138 | Filename %00 Truncation Vulnerability | Click for Details | |
1070310139 | Fastjson Deserialization Vulnerability by Using JdbcRowSetImpl | Click for Details | |
1070310140 | Fastjson Deserialization Vulnerability by Using TemplatesImpl | Click for Details | |
1070310141 | Fastjson Deserialization Vulnerability by Using java.lang.Class | Click for Details | |
1070310142 | Apache Tomcat Session Deserialization Vulnerability (CVE-2020-9484) | Click for Details | |
1070310143 | File Include Vulnerability with Windows System Path | Click for Details | |
1070310144 | F5 BIG-IP TMUI Directory Traversal and Remote Code Execution Vulnerability (CVE-2020-5902) | Click for Details | |
1070310145 | Pandora FMS Events Remote Command Execution Vulnerability (CVE-2020-13851) | Click for Details | |
1070310146 | Infosec NSAE Remote Command Execution Vulnerability | Click for Details | |
1070310147 | Fastjson Deserialization Vulnerability by dnslog | Click for Details | |
1070310148 | CVE-2021-3129: Laravel Remote Code Execution Vulnerability | Click for Details | |
1070310149 | Fastjson Deserialization Vulnerability | Click for Details | |
1070310150 | CVE-2017-10271: Oracle WebLogic Server WLS Security Vulnerability | Click for Details | |
1070310151 | CVE-2021-44228: Apache Log4j2 Remote Code Execution Vulnerability | Click for Details | |
1070310152 | CVE-2021-44228: Apache Log4j2 Remote Code Execution Vulnerability - lower/upper/date Bypass | Click for Details | |
1070310155 | Fastjson 1.2.80 Deserialization Vulnerability | Click for Details | |
1070310159 | Fastjson Deserialization Vulnerability by Using java.lang.Exception | Click for Details | |
1070310170 | CVE-2022-30778,CVE-2022-30779,CVE-2022-31279: Laravel Deserialization Remote Code Execution | Click for Details | |
1070310171 | PHP 8.1.0-dev Backdoor Remote Code Execution Vulnerability | Click for Details | |
1070310172 | CVE-2021-22986,CVE-2022-1388: F5 BIG-IP Unauthenticated Remote Code Execution Vulnerability | Click for Details | |
1070310173 | Fastjson Deserialization Vulnerability Bypass Method Detected | Click for Details | |
1040510000 | PHP Information Leak Using Function phpinfo() | Click for Details | |