New WAF Objects: [total: 11]
==================================
Signature:
  Name: 'CVE-2025-1097: Ingress NGINX - configuration injection'
  ID: '708362'
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="kind=AdmissionReview", part="request.object.metadata.annotations.nginx.ingress.kubernetes.io/auth-tls-match-cn=CN="
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

Signature:
  Name: OOB attack using .ngbeta.net
  ID: '708361'
  Pattern: part=".ngbeta.net"
  Attack: Automation Attack - Blocking
  Attack Class: Automation Attack
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters
  - headers

Signature:
  Name: OOB attack using .detectors-testing.com
  ID: '708360'
  Pattern: part=".detectors-testing.com"
  Attack: Automation Attack - Blocking
  Attack Class: Automation Attack
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters
  - headers

Signature:
  Name: OOB attack using .dns.outbound.watchtowr.com
  ID: '708359'
  Pattern: part=".dns.outbound.watchtowr.com"
  Attack: Automation Attack - Blocking
  Attack Class: Automation Attack
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters
  - headers

Signature:
  Name: OOB attack using .it.h4.vc
  ID: '708358'
  Pattern: part=".it.h4.vc"
  Attack: Automation Attack - Blocking
  Attack Class: Automation Attack
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters
  - headers

Signature:
  Name: 'XStream - RCE During Unmarshalling '
  ID: '708357'
  Pattern: >-
    part="com.sun.jndi.ldap.LdapAttribute", part="JavaCodeBase", rgxp="(http|https|ftp|ftps|file):\\/\\/"
  Attack: Illegal Resource Access - Blocking
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - parameters

Signature:
  Name: 'CVE-2025-32813: Unauthenticated Command Injection in get_saml_request'
  ID: '708356'
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="webui/application/get_saml_request", rgxp="saml_id=[\s\S]{0,30}\$\("
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters

Signature:
  Name: "CVE-2025-5353,CVE-2025-22455: Ivanti Command Injection"
  ID: "708355"
  Pattern: 'part="/api/v1/license/keys-status", rgxp="\\/api\\/v1\\/license\\/keys-status\\/[;`]"'
  Attack: "Remote Command Execution - Blocking"
  Attack Class: "Remote Command Execution"
  Dictionary: "Recommended for Blocking for Web Applications"
  Policy: "Recommended Signatures Policy for Web Applications"
  Search In:
  - "url"

Signature:
  Name: 'CVE-2025-48827 - CVE-2025-48828: vBulletin unauthenticated invocation of protected API controllers'
  ID: '708354'
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="ajax/api/ad/replaceAdTemplate", rgxp="template=<vb:if"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters

Signature:
  Name: 'CVE-2020-5421: Spring security vulnerability - RFD attack via jsessionid'
  ID: '708353'
  Pattern: 'part=";jsessionid=", rgxp=";jsessionid\=\/?[a-z0-9]{0,100}\.(bat|cmd|sh|exe|ps1)(?:$|\/)"'
  Attack: 'Illegal Resource Access - Blocking'
  Attack Class: 'Illegal Resource Access'
  Dictionary: 'Recommended for Blocking for Web Applications'
  Policy: 'Recommended Signatures Policy for Web Applications'
  Search In:
  - 'url'

Policy:
  name: 'CVE-2025-47577: WordPress TI WooCommerce Wishlist - File Upload'
  id: '20000301'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Content-Type
      operation: includes
      value: multipart/form-data
  - type: HTTP Request Parameter Name
    operation: At Least One
    values:
    - file
    - tinv_wishlist_id
    - product_id
    - tinv_wishlist_name


Modified WAF Objects: [total: 1]
==================================

Signature:
  Name: 'Directory Browsing Detection- Apache Server'
  ID: '607256'
  Pattern: part="Index of /"
  Attack: 'Directory Browsing'
  Attack Class: 'Directory Browsing'
  Dictionary: 'Directory Browsing Detection'
  Policy: 'Directory Browsing Detection'
  Search In:
    - 'response-content'