WAF rule set update for 2018-09-05  (legacy)

The following information describes the updates and changes to the rule set.

ID

3vnl3cwPda9Q3WYCDRuGW

Version

v10

Date

2018-09-05

Type of Change

  • Introduced new OWASP rule 932190, which mitigates RCE (OS File Access Attempt) on low paranoia level WAF
  • Introduced new OWASP rule 941110, which mitigates XSS using script tag vector
  • Introduced new OWASP rule 944100, which mitigates RCE via Java deserialization vulnerabilities (CVE-2017-9805, CVE-2017-10271)
  • Introduced new OWASP rule 944110, which mitigates RCE via Java process spawn vulnerability (CVE-2017-9805)
  • Introduced new OWASP rule 944120, which mitigates RCE via Java serialization (CVE-2015-5842)
  • Introduced new OWASP rule 944240, which mitigates RCE via Java serialization (CVE-2015-5842)
  • Introduced new OWASP rule 944130, which detects suspicious Java classes
  • Introduced new OWASP rule 944250, which detects RCE via Java method
  • Introduced new OWASP rule 944200, which detects magic bytes being used that signal Java serialization
  • Introduced new OWASP rule 944210, which detects magic bytes being Base64 encoded that signal Java serialization
  • Introduced new OWASP rule 944220, which detects vulnerable Java class in use
  • Introduced new OWASP rule 944300, which detects Base64 encoded string that matched suspicious keyword
  • Introduced new Fastly internal rule 4134010, which mitigates CVE-2018-11776 Apache Struts v2 vulnerability
  • Introduced new Fastly internal rule 4113010, which detects suspicious X-Rewrite-URL header
  • Introduced new Fastly internal rule 4113020, which detects suspicious X-Original-URL header
  • Introduced new Fastly internal rule 4113030, which detects ESI directives in request
  • Introduced new Fastly internal rule 4113050, which detects ESI directives in body
  • Removed Trustwave rule 2200000, IP blocklist
  • Removed Trustwave rule 2200002, TOR Exit Nodes blocklist

Affected Rule Sets

  • OWASP
  • Fastly Rules
  • Trustwave
For more information, see our guide on Fastly WAF rule set updates and maintenance.
Back to Top