Imunify360 and Imunify Sensor Blog

WAF rulesets released

We are pleased to announce that the updated WAF rulesets, version 2.18, have been released.

New rules

  • 77210710 Request content type optimization;
  • 77210740 HTTP header policy optimization;
  • 77223040, 77223041 SQL injection vulnerability in Questions 1.4.3 component for Joomla! (CVE-2018-17377);
  • 77223050, 77223051 SQL injection vulnerability in Reverse Auction Factory 4.3.8 component for Joomla! (CVE-2018-17376);
  • 77223060, 77223061 SQL injection vulnerability in Swap Factory 2.2.1, Raffle Factory 3.5.2 and Penny Auction Factory 2.0.4 components for Joomla! (CVE-2018-17379, CVE-2018-17378, CVE-2018-17384);
  • 77223070 SQL injection vulnerability in Timetable Schedule 3.6.8 component for Joomla! (CVE-2018-17394);
  • 77223080 SQL injection vulnerability in Music Collection 3.0.3 component for Joomla! (CVE-2018-17375);
  • 77223090 SQL injection vulnerability in Article Factory Manager 4.3.9 component for Joomla! (CVE-2018-17380);
  • 77223100 SQL injection vulnerability in Jobs Factory 2.0.4 component for Joomla! (CVE-2018-17382);
  • 77223110 SQL injection vulnerability in AlphaIndex Dictionaries 1.0 component for Joomla! (CVE-2018-17397);
  • 77230740 XSS vulnerability in Smart Slider 3 plugin version 3.3.8 for WordPress;
  • 77230810 XSS vulnerability in Schiocco Support Board - Chat And Help Desk plugin 1.2.3 for WordPress (CVE-2018-18373);
  • 77230820 XSS vulnerability in Unite Gallery Lite plugin 1.7.43 for WordPress;
  • 77230830 XSS vulnerability in NextGEN Gallery plugin 3.0.16 for WordPress;
  • 77230840 Unrestricted file upload vulnerability in Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress (CVE-2018-18461);
  • 77230850 XSS vulnerability in Appointments plugin 2.4.0 for WordPress;
  • 77230860 XSS vulnerability in WP Live Chat Support plugin 8.0.15 for WordPress (CVE-2018-18460);
  • 77230870 XSS vulnerability in VO Store Locator plugin 3.2.12 for WordPress;
  • 77230880 XSS vulnerability in WP Native Articles plugin 1.5.3 for WordPress;
  • 77230890 XSS vulnerability in Snazzy Maps plugin before 1.1.5 for WordPress (CVE-2018-17947);
  • 77230900 XSS vulnerability in Interactive World Map plugin 1.1 for WordPress;
  • 77230920 XSS vulnerability in Simba Plugin Updates Manager 1.8.11 for WordPress;
  • 77230930 XSS vulnerability in Amazon Product in a Post plugin 4.0.3.3 for WordPress;
  • 77230940 XSS vulnerability in Simple Wishlists for Weddings, Birthdays etc. plugin 1.5.3 for WordPress.

Bug fixes

  • Excluded the "SecStreamInBodyInspection On" directive from the configs, as it is not supported in later versions of libModSecurity and can significantly slow down file uploads.
  • Disabled rule 77211090 due to its high false-positive rate observed in monitoring.
  • Disabled rule 77217280 due to its high false-positive rate observed in monitoring.
  • Optimizations to prepare the ruleset for the new ModSecurity v3.x.
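To check an existing ModSecurity configuration for the directive named above before moving it to ModSecurity v3, here is an added example in Python (not code from the ruleset or from Imunify360). The SecStreamInBodyInspection check comes from this post; treating SecStreamOutBodyInspection the same way is an assumption, and the sample config is constructed.

```python
import re
# Named on the page as dropped because libModSecurity (ModSecurity v3) rejects it.
FROM_PAGE = {"secstreaminbodyinspection"}
# Assumption: the output-side counterpart is unsupported in v3 too; verify against
# the libmodsecurity README before relying on it.
ASSUMED = {"secstreamoutbodyinspection"}
UNSUPPORTED_V3 = FROM_PAGE | ASSUMED
DIRECTIVE = re.compile(r"([A-Za-z]+)\s*(.*)")

def logical_lines(text):
    """Yield (first_physical_line, text), folding backslash continuations like Apache."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = n if start is None else start
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield start, " ".join(buf).strip()
        buf, start = [], None
    if buf:  # file ended on a continuation line
        yield start, " ".join(buf).strip()

def find_unsupported(conf_text):
    """Return [(line_no, directive_as_written, args)] for directives v3 refuses.
    Matching is case-insensitive because Apache directive names are."""
    hits = []
    for n, line in logical_lines(conf_text):
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m and m.group(1).lower() in UNSUPPORTED_V3:
            hits.append((n, m.group(1), m.group(2).strip()))
    return hits

SAMPLE_CONF = """\
# constructed sample config; not a real Imunify360 or CRS file
SecRuleEngine On
SecRequestBodyAccess On
SecStreamInBodyInspection On
SecRule REQUEST_HEADERS:Content-Type "text/xml" \\
    "id:200000,phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
secstreamoutbodyinspection On
SecRuleRemoveById 77211090 77217280
"""

if __name__ == "__main__":
    for n, name, args in find_unsupported(SAMPLE_CONF):
        print(f"line {n}: {name} {args} is not supported by ModSecurity v3")
```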

Stay in touch

If you encounter any problems with the product, or have feedback and ideas to share, please send a request to our Imunify360 support team via cloudlinux.zendesk.com.

Tuesday, 12 November 2019