WAF Rule ID 330701
Alert message: Atomicorp.com WAF Rules: CVE-2014-6271 Bash Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
WAF Rule ID 330702
Alert message: Atomicorp.com WAF Rules: CVE-2014-6271 Bash Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
WAF Rule ID 331702
Alert message: Atomicorp.com WAF Rules: Possible JSON-Based SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 6
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules: Possible JSON-Based SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 394669
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE attempt blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE attempt blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334071
Alert message: Atomicorp.com WAF Rules: Known PHP code injection Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Known PHP code injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334072
Alert message: Atomicorp.com WAF Rules: CVE-2019-6703 Attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: CVE-2019-6703 Attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334073
Alert message: Atomicorp.com WAF Rules: Injection Attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Injection Attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 394667
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 394666
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312863
Alert message: Atomicorp.com WAF Rules: Potential Reflected File Download (RFD) Attack.
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects when a potential reflected download attack (RFD) has been detected.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
http://dl.packetstormsecurity.net/papers/attack/Aspect_File_Download_Injection.pdf
WAF Rule ID 339207
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts CVE-2020-17530 RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts CVE-2020-17530 RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337207
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337206
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337208
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337210
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337218
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337211
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337209
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java remote code injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java remote code injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337106
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337107
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347195
Alert message: Atomicorp.com WAF Rules: PHP function in HTTP header attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP function in HTTP header attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392767
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible BIG_IP attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible BIG_IP attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392765
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Naive Java application cross scripting attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
removeComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Naive Java application cross scripting attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393664
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393663
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress CM Download Manager RCE attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress CM Download Manager RCE attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322272
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cmdownload XSS attack (CVE-2020-27344)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
normalisePath
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cmdownload XSS attack (CVE-2020-27344)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391235
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393766
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Error (HIDS: 8)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Options: No active Response
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393669
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible DOS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible DOS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 384545
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Media Manager File Upload Bypass Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Media Manager File Upload Bypass Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393665
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch:Possible W3TC and WP Super Cache PHP Code injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch:Possible W3TC and WP Super Cache PHP Code injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378492
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roundcube LFI vulnerablity
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 7
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roundcube LFI vulnerablity
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378497
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized Proxying of Website by .stfi.re
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 7
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized Proxying of Website by .stfi.re
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378491
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378371
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
removeWhitespace
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 376476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: VBulleting Code Injection Attack Blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: VBulleting Code Injection Attack Blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 376416
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: W3 Total Cache vulnerablity
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: W3 Total Cache vulnerablity
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392664
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392665
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381211
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MySQL Server Username/Password Disclosure Vulnerability via \
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 4
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MySQL Server Username/Password Disclosure Vulnerability via \
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336477
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magento Shoplift attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magento Shoplift attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336478
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModX Revolution 2.3.5-pl Cross Site Scripting attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModX Revolution 2.3.5-pl Cross Site Scripting attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391742
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms 1.8.19 Shell Upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms 1.8.19 Shell Upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391743
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms 1.8.19 Shell Upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms 1.8.19 Shell Upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390751
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390753
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390755
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390766
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390767
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390768
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Code Injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Code Injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322211
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP myEasybackup directory recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP myEasybackup directory recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393782
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PGP eval stdin attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PGP eval stdin attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393781
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress File Manager Plugin attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress File Manager Plugin attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322121
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Live Chat File Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Live Chat File Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393780
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Possible TC custom javscript injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Possible TC custom javscript injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334616
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Advanced Access Manager attack attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Advanced Access Manager attack attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334617
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP User Avatar plugin privilege escalation attack attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP User Avatar plugin privilege escalation attack attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393750
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajax_asyn_link LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajax_asyn_link LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393758
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393759
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393771
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress shortcode LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress shortcode LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393772
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress adaptive-images-script.php LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress adaptive-images-script.php LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393760
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: OPAC RSS Search SQL injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: OPAC RSS Search SQL injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393749
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress html2canvas proxy SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress html2canvas proxy SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322314
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP AccessPress Themes attack (CVE-2020-25378)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP AccessPress Themes attack (CVE-2020-25378)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322313
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP recall products plugin XSS attack (CVE-2020-25380)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP recall products plugin XSS attack (CVE-2020-25380)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322111
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Load More SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Load More SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322122
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Medoa Recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Medoa Recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393666
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress brute force attempt, direct Login Missing Referer (not blocked)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Warning (HIDS: 7)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Options: No active Response
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress brute force attempt, direct Login Missing Referer (not blocked)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 323667
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP XSS in Loginizer attack (CVE-2018-11366)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP XSS in Loginizer attack (CVE-2018-11366)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 356710
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress PHP Anywhere < 3.0.0 - Remote Code Execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress PHP Anywhere < 3.0.0 - Remote Code Execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322182
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322183
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322102
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection attack against WP Good Layers Plugin (CVE-2020-27481)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection attack against WP Good Layers Plugin (CVE-2020-27481)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322172
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Download Manager XSS attack (CVE-2013-7319)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Download Manager XSS attack (CVE-2013-7319)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322112
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Elementor Pro File Upload attack attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Elementor Pro File Upload attack attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322113
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drag and Drop Upload Contact Form Code Injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drag and Drop Upload Contact Form Code Injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322114
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Widget Importer/Export RFI attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Widget Importer/Export RFI attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322115
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MapPress Maps path recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MapPress Maps path recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 383709
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: KingComposer XSS attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: KingComposer XSS attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322222
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP CommentLuv XSS attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP CommentLuv XSS attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 303669
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 303668
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 303768
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 303769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin PHP objection insertion attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin PHP objection insertion attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393767
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Arbitrary File Upload Vulnerability in Jssor Slider attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Arbitrary File Upload Vulnerability in Jssor Slider attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 323769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-config file download attack via duplicator plugin blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-config file download attack via duplicator plugin blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 383769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393768
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393751
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress 301bulkoptions attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress 301bulkoptions attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347147
Alert message: Atomicorp.com WAF Rules: Wordpress admin-ajax XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Wordpress admin-ajax XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347148
Alert message: Atomicorp.com WAF Rules: Wordpress admin-ajax Live Chat plugin XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Wordpress admin-ajax Live Chat plugin XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347149
Alert message: Atomicorp.com WAF Rules: Wordpress admin-ajax file injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Wordpress admin-ajax file injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347150
Alert message: Atomicorp.com WAF Rules: WordPress GDPR Compliance Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress GDPR Compliance Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347151
Alert message: Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347152
Alert message: Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347153
Alert message: Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347154
Alert message: Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347155
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347156
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347157
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347158
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347159
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347160
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382245
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access attempt or probe for known vulnerable yuzo-related-post Plugin blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access attempt or probe for known vulnerable yuzo-related-post Plugin blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382241
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382242
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393743
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Service Finder Booking Local File Disclosure blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Service Finder Booking Local File Disclosure blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391746
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCollab 2.5.1 Unauthenticated File Upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCollab 2.5.1 Unauthenticated File Upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391747
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391756
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Cherry Plugin Unauthenticated File Upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Cherry Plugin Unauthenticated File Upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391748
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391749
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391759
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PerfexCRM 1.9.7 a Unrestricted php5 File upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PerfexCRM 1.9.7 a Unrestricted php5 File upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390747
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Boost My Campaign 1.1 Unauthenticated Administrative Access blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Boost My Campaign 1.1 Unauthenticated Administrative Access blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Theme Newspaper 6.7.1 - Privilege Escalation attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Theme Newspaper 6.7.1 - Privilege Escalation attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390849
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPMailer remote code execution attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPMailer remote code execution attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390749
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla privilege escalation attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla privilege escalation attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390746
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Vulnerable Joomla Simple File Upload v1.3 Access blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Vulnerable Joomla Simple File Upload v1.3 Access blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390745
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP malware
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP malware
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390744
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla com aceftp Arbitrary File Download Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla com aceftp Arbitrary File Download Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391744
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM PHP Code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM PHP Code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391745
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM Insecure fopen attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM Insecure fopen attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391741
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roxy File Manager Shell Upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roxy File Manager Shell Upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391739
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel plaintext password attack denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel plaintext password attack denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391740
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress WP Mobile Detector 3.5 Shell Upload
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress WP Mobile Detector 3.5 Shell Upload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391709
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel Unauthenticated File upload attack denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel Unauthenticated File upload attack denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393739
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PivotX shell upload attack denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PivotX shell upload attack denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393738
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zenphoto RFI attack denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zenphoto RFI attack denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393737
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP utility belt access denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP utility belt access denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393734
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yeager CMS unauthenticated upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yeager CMS unauthenticated upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393721
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yeager CMS SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yeager CMS SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393720
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Grawlix 1.0.3: Code Execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Grawlix 1.0.3: Code Execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393719
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CouchCMS 1.4.5: Code Execution attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CouchCMS 1.4.5: Code Execution attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 364577
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bigware Shop 2.3.01 File Upload Attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bigware Shop 2.3.01 File Upload Attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344577
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magmi file recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magmi file recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344477
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjeQtor 4.5.2 Shell Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjeQtor 4.5.2 Shell Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344479
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Centreon 2.6.1 Command Injection Vulnerability attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Centreon 2.6.1 Command Injection Vulnerability attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 343478
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Collabtive 2.0 Shell Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Collabtive 2.0 Shell Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 343481
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vtiger CRM 6.3 Remote Code Execution attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vtiger CRM 6.3 Remote Code Execution attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 348476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin Navis Documentcloud XSS Vulnerability attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin Navis Documentcloud XSS Vulnerability attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 348477
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck remote code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck remote code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 348478
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck recon phpinfon attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck recon phpinfon attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347475
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347474
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin Memcache Remote Code Execution Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin Memcache Remote Code Execution Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337472
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337473
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wordpress plugins Upload Filter Bypass Remote file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wordpress plugins Upload Filter Bypass Remote file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337474
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337475
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337470
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress uploadify upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress uploadify upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337471
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify non-media file upload violation
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify non-media file upload violation
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify RFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify RFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393726
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress WooCommerce Privilege Escalation
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress WooCommerce Privilege Escalation
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393725
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress WP User Frontend Plugin Unrestricted File Upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress WP User Frontend Plugin Unrestricted File Upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393723
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Blind SQLi POC blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Blind SQLi POC blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393727
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393728
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393724
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Privilege Escalation attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Privilege Escalation attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337469
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Revslider upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337479
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Revslider non-image file download Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336469
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Stored XSS Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Stored XSS Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336468
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336467
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible chained PHP array injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible chained PHP array injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336460
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336459
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Plesk secret_key attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Plesk secret_key attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336359
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress pingback zombie attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 331358
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vbulletin zero day attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vbulletin zero day attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 331357
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WHMCS SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WHMCS SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 321357
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress serialize name change attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress serialize name change attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 321356
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 388000
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Access vulnerable FCKeditor file upload connector (Disable if you have configured this connector to require authentication)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380800
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380801
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390760
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393756
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch:e107 RFI attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecode
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch:e107 RFI attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390655
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SYSURL RFI attack Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SYSURL RFI attack Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390656
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: get variable RFI attack Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: get variable RFI attack Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391760
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 395760
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310054
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2 cafelog gm-2-b2.php remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2 cafelog gm-2-b2.php remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310055
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: BLNews objects.inc.php4 remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: BLNews objects.inc.php4 remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310056
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttCMS header.php remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttCMS header.php remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310059
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pmachine remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pmachine remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310090
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum remote include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum remote include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310227
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310233
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP formmail.inc.php file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP formmail.inc.php file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310234
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: download Center Lite download_center_lite.inc.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: download Center Lite download_center_lite.inc.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310235
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mod_mainmenu.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mod_mainmenu.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310236
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310238
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews header.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews header.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310240
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: votebox.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: votebox.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310267
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310293
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: poc_root_path remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: poc_root_path remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310295
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPOpenChat poc.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPOpenChat poc.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310297
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews install.php remote command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews install.php remote command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390282
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: page_tail RFI injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: page_tail RFI injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310237
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog backend index.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog backend index.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310268
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog links/index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog links/index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310289
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390651
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! Shoutbox Pro Component controller Local File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! Shoutbox Pro Component controller Local File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310274
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA index.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA index.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310337
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310392
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal/index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal/index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310580
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Page argument RFI injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Page argument RFI injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 331323
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential Owncloud information leakage attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential Owncloud information leakage attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393753
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393754
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP code injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP code injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393752
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390737
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Image Upload - Arbitrary File Upload
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Image Upload - Arbitrary File Upload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 333458
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: DOKEOS ce30 Authentication Bypass attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: DOKEOS ce30 Authentication Bypass attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 333358
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential JCE image manager attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential JCE image manager attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 333359
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JCE image attempt to rename image file to PHP attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JCE image attempt to rename image file to PHP attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391663
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391664
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391662
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Module user SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Module user SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310251
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310252
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php upload authorization bypass attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php upload authorization bypass attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310058
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttforum remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttforum remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310066
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: IdeaBox file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: IdeaBox file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310335
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310346
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310347
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops sections/index.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops sections/index.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310372
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Lighthouse Squirrelcart index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Lighthouse Squirrelcart index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310382
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: InterAKT MX Kart index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: InterAKT MX Kart index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310405
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin index.php convcharset parameter cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin index.php convcharset parameter cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310407
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310425
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310445
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Squirrelcart index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Squirrelcart index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310466
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310467
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare tts/index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare tts/index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390652
Alert message: Atomicorp.com WAF Rules - FreePHPBlogSoftware phpincdir File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - FreePHPBlogSoftware phpincdir File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350023
Alert message: Atomicorp.com WAF Rules: Non-Existant File Google Recon attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380005
Alert message: Atomicorp.com WAF Rules: PHP session cookie attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules: PHP session cookie attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310008
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail spell-check arbitrary command attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail spell-check arbitrary command attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310009
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail theme arbitrary command attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail theme arbitrary command attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310010
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: directory.php arbitrary command attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: directory.php arbitrary command attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310045
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: DNSTools administrator authentication bypass attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: DNSTools administrator authentication bypass attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310049
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Blahz-DNS dostuff.php modify user attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Blahz-DNS dostuff.php modify user attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310050
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Wiki cross site scripting attemptt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Wiki cross site scripting attemptt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310053
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: shoutbox.php directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: shoutbox.php directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310057
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: autohtml.php directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: autohtml.php directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310061
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: guestbook remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: guestbook remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310064
Alert message: Atomicorp.com WAF Rules: DCP-Portal remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules: DCP-Portal remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310067
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board emailer.php file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board emailer.php file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310068
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat db_mysql.php file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat db_mysql.php file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310069
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat english.php file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat english.php file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310070
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310072
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaBB SE packages.php file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaBB SE packages.php file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310073
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: newsPHP Language file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: newsPHP Language file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310075
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board ipchat.php file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board ipchat.php file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310077
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpGedView PGV functions.php base directory manipulation attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpGedView PGV functions.php base directory manipulation attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310078
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TUTOS path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TUTOS path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310083
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Calendar XSS
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Calendar XSS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310084
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin Export.PHP File Disclosure Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin Export.PHP File Disclosure Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310086
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310211
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum common.php direct access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum common.php direct access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310212
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Rolis guestbook insert.inc.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Rolis guestbook insert.inc.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310217
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Invision Board ipchat.php file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Invision Board ipchat.php file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310219
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: : YaBB SE packages.php file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: : YaBB SE packages.php file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310224
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: : WAnewsletter newsletter.php file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: : WAnewsletter newsletter.php file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310225
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Opt-X header.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Opt-X header.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310228
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dforum nav.php3 executable code injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dforum nav.php3 executable code injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310229
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310231
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB oracle.php full path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB oracle.php full path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310239
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB admin_styles.php directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB admin_styles.php directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310241
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew lib-xmlrpcs.inc.php path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew lib-xmlrpcs.inc.php path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310242
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-activation.php path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-activation.php path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310243
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-cleantables.php path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-cleantables.php path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310244
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-autotargeting.php path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-autotargeting.php path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310245
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-reports.php path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-reports.php path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310246
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility phpads.php path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility phpads.php path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310247
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility remotehtmlview.php path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility remotehtmlview.php path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310248
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility click.php path disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility click.php path disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310253
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/uploadcc.php credit card data upload attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/uploadcc.php credit card data upload attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310262
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310263
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310264
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB privmsg.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB privmsg.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310266
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mail_autocheck.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mail_autocheck.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310269
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310270
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310271
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB Zip/divers.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB Zip/divers.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310272
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat defines.php local file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat defines.php local file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310273
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: D-Forum nav.php3 cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: D-Forum nav.php3 cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310275
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA hits.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA hits.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310276
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA counter.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA counter.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310277
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310278
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310279
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310280
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310281
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310282
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310283
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310284
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages edp_relative_path exploitation attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages edp_relative_path exploitation attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310287
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WAnewsletter newsletter.php local file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WAnewsletter newsletter.php local file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310288
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php local file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php local file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310307
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RUNCMS.Exoops.CIAMOS highlight.php file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RUNCMS.Exoops.CIAMOS highlight.php file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310308
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TRG/CzarNews /install/* local command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TRG/CzarNews /install/* local command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310313
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310314
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310329
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Topic Calendar calendar_scheduler.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Topic Calendar calendar_scheduler.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310338
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS content.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS content.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310340
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ESMI Paypal Storefront pages.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ESMI Paypal Storefront pages.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310345
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki tiki-list_faqs.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki tiki-list_faqs.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310353
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: OSCommerce default.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: OSCommerce default.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310354
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Type3 translations.php remote file retrieval attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Type3 translations.php remote file retrieval attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310355
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mambo email(article,faq,news).php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mambo email(article,faq,news).php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310357
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Photopost cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Photopost cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310366
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPcoin auxpage.php directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPcoin auxpage.php directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310378
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310379
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310381
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310408
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart tellafriend.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart tellafriend.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310409
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_cart.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_cart.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310410
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_product.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_product.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310411
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB links.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB links.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310412
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310413
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310414
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310416
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB dlman.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB dlman.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310417
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModernBill news.php file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModernBill news.php file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310426
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB portal.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB portal.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310437
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: All4WWW Homepage Creator index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: All4WWW Homepage Creator index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310440
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php local file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php local file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310441
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310442
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310443
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nukebookmarks modules.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nukebookmarks modules.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310444
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 news.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 news.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310450
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB mod.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB mod.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310458
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine theme.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine theme.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310462
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kalis Tagboard banned.php local command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kalis Tagboard banned.php local command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310465
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: netref cat_for_gen.php local file creation attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: netref cat_for_gen.php local file creation attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-print.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-print.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310477
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB notes module posting_notes.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB notes module posting_notes.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310480
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310481
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310482
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ideabox remote include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ideabox remote include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310491
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TorrentTrader SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TorrentTrader SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310499
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JGS-Portal id Variable SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JGS-Portal id Variable SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390615
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393615
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390761
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 314001
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: downloadProtect file Disclosure of Sensitive Information Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: downloadProtect file Disclosure of Sensitive Information Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312119
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSecurePages cfgProgdir File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSecurePages cfgProgdir File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310492
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPmyGallery confdir File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPmyGallery confdir File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310493
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako LiveResponse SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako LiveResponse SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380100
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpLDAPadmin welcome.php Arbitrary File Inclusion
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpLDAPadmin welcome.php Arbitrary File Inclusion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380101
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380102
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AutoLinks Pro File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AutoLinks Pro File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380103
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Image File Upload Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Image File Upload Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380104
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpWebNotes Include File Error in php_api.php:
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpWebNotes Include File Error in php_api.php:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380105
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS Made Simple File Inclusion
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS Made Simple File Inclusion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380106
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum username Script Insertion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum username Script Insertion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380107
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380108
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380111
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aMember Pro Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aMember Pro Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380112
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CuteNews Input Validation Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CuteNews Input Validation Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380657
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible phpbb blind SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible phpbb blind SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390657
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyFAQ path recusion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyFAQ path recusion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390671
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SEO-Board SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SEO-Board SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390672
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ LinkOut 123 Cross-Site Scripting Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ LinkOut 123 Cross-Site Scripting Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390673
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: jPortal download search SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: jPortal download search SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390674
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390675
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390676
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390677
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390678
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: postnuke Local file inclusion via GeSHi library
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: postnuke Local file inclusion via GeSHi library
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390679
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion msg_send SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion msg_send SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390680
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SquirrelMail Address Add Plugin first Cross-Site Scripting
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SquirrelMail Address Add Plugin first Cross-Site Scripting
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390681
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki forumid RFI injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki forumid RFI injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390683
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: page argument metacharacter injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: page argument metacharacter injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320001
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Detail.php id SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Detail.php id SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390775
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TClanPortal id SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TClanPortal id SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320113
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaphpLesson forumid SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaphpLesson forumid SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390686
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393300
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Peel rubid SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Peel rubid SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393376
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic mosConfig_absolute_path File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic mosConfig_absolute_path File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392659
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cyphor Forum SQL Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cyphor Forum SQL Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390659
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WSN Forum id SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WSN Forum id SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390660
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tunez SQL Injection and Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tunez SQL Injection and Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390685
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310557
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ActiveCampaign SupportTrio Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ActiveCampaign SupportTrio Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 343433
Alert message: Atomicorp.com WAF Rules: Just in Time Virtual Patch: SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules: Just in Time Virtual Patch: SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 313979
Alert message: Atomicorp.com WAF Rules: ActiveCampaign KnowledgeBuilder SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules: ActiveCampaign KnowledgeBuilder SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 374533
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310019
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fake gif file shell attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fake gif file shell attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390205
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine Photo Gallery relocate_server.php Exposure of Configuration
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine Photo Gallery relocate_server.php Exposure of Configuration
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390206
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390207
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390684
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zainu SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zainu SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390770
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cars Portal SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cars Portal SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390083
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki XSS Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki XSS Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393382
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390208
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic Remote PHP injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic Remote PHP injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390039
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: vwar_root remote/local file inclusion
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: vwar_root remote/local file inclusion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390001
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on post.php
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on post.php
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390002
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on editac.php
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on editac.php
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390003
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on register.php
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on register.php
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390004
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391104
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390005
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390006
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB cur_password XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB cur_password XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390007
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390008
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390009
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390010
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390011
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebNews XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebNews XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390012
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390013
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390015
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: qliteNEws SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: qliteNEws SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390017
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390018
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390019
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390020
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390021
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390022
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390023
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPCollab v2.x / netOffice v2.x sendpassword.php SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPCollab v2.x / netOffice v2.x sendpassword.php SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390024
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sourceworkshop newsletter SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sourceworkshop newsletter SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390025
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390027
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390028
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390029
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390030
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPLiveHelper 1.8 remote command execution Xploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPLiveHelper 1.8 remote command execution Xploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390031
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390032
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390033
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390036
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390038
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: G-Book g_message Script Insertion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: G-Book g_message Script Insertion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390044
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpinfo.cgi command execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpinfo.cgi command execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390046
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: openEngine template Parameter Local File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: openEngine template Parameter Local File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390049
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AliPAGER ubild Cross-Site Scripting and SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AliPAGER ubild Cross-Site Scripting and SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390050
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MxBB Portal pafiledb Module module_root_path File Inclusion
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MxBB Portal pafiledb Module module_root_path File Inclusion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390051
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jadu CMS register.php Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jadu CMS register.php Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390052
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenFAQ q Parameter Script Insertion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenFAQ q Parameter Script Insertion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390058
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390059
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390060
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390061
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390062
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390063
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390095
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390064
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress shell injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress shell injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390067
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS-Bandits spaw_root File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS-Bandits spaw_root File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390069
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Admanager Pro exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Admanager Pro exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390071
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bible Portal Project destination File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bible Portal Project destination File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390072
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Flipper Poll root_path File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Flipper Poll root_path File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390073
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PictureDis Products lang Parameter File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PictureDis Products lang Parameter File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390074
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla/Mambo Weblinks blind SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla/Mambo Weblinks blind SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390076
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic m2f_root_path File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic m2f_root_path File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390077
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP download incddir File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP download incddir File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390078
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteDepth CMS SD_DIR Parameter Handling Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteDepth CMS SD_DIR Parameter Handling Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390079
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpLinkExchange page Parameter Handling Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpLinkExchange page Parameter Handling Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390081
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: authldap Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: authldap Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390082
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: globalheader domain variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: globalheader domain variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390092
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP default_path variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP default_path variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390090
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: file_upload sbp variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: file_upload sbp variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390091
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: viewtopic sid variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: viewtopic sid variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390093
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: get_infochannel root_path variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: get_infochannel root_path variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390097
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyNewsGroups myng_root Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyNewsGroups myng_root Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390100
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pageheaderdefault sysSessionPath upload exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pageheaderdefault sysSessionPath upload exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390101
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible vulnscan6 exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible vulnscan6 exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390102
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Socketwiz Bookmarks root_dir File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Socketwiz Bookmarks root_dir File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390104
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390106
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RaidenHTTPD SoftParserFileXml File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RaidenHTTPD SoftParserFileXml File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390107
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcGalleryPRO path_to_folder File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcGalleryPRO path_to_folder File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390108
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Timesheet PHP username Parameter SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Timesheet PHP username Parameter SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390111
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: photokorn dir_path File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: photokorn dir_path File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390112
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Somery skindir File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Somery skindir File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390113
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: DokuWiki TARGET_FN directory Traversal Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: DokuWiki TARGET_FN directory Traversal Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390114
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fantastic News config[script_path] File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fantastic News config[script_path] File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390133
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpGroupWare Local File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpGroupWare Local File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390134
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ExBB Italia exbb[home_path] File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ExBB Italia exbb[home_path] File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390135
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web3news PHPSECURITYADMIN_path File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web3news PHPSECURITYADMIN_path File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390136
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN _ccfg[_pkg_path_incl] File Inclusion
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN _ccfg[_pkg_path_incl] File Inclusion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390154
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390156
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart XSS ATTACK
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart XSS ATTACK
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390157
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebYep webyep_sIncludePath File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebYep webyep_sIncludePath File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390158
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Travelsized CMS setup_folder File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Travelsized CMS setup_folder File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390161
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenBiblio File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenBiblio File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390162
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: BasiliX BSX_LIBDIR File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: BasiliX BSX_LIBDIR File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390164
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: DeluxeBB teplatefolder File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: DeluxeBB teplatefolder File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390167
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: amamber remote include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: amamber remote include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390170
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LinPHA maps_type Local File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LinPHA maps_type Local File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390171
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mole viewsource.php Information Disclosure Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mole viewsource.php Information Disclosure Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390173
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php cat SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php cat SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390174
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php f parameter Function Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php f parameter Function Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390175
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php link inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php link inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390176
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki lost password XSS
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki lost password XSS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390177
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki featured link XSS attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki featured link XSS attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393677
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki listpages mysql passwd disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki listpages mysql passwd disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390178
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Webmail XSS
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Webmail XSS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390179
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: gCards 1.46 SQL
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: gCards 1.46 SQL
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390181
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joovili category SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joovili category SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390182
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jokes Script catagorie SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jokes Script catagorie SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390183
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress download Monitor Plugin id SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress download Monitor Plugin id SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390184
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bits Listing Injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bits Listing Injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390185
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SendReminders Injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SendReminders Injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390186
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiprint page Injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiprint page Injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390187
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: up.php my_root Injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: up.php my_root Injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390188
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php path recursion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php path recursion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390189
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki file access and injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki file access and injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390190
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forcedownload file Injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forcedownload file Injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390191
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Config path_to_root Injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Config path_to_root Injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390192
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: search.php exec Injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: search.php exec Injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390194
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-download SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-download SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390195
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php menu_id SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php menu_id SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390197
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: class.admin_menu_lms.php injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: class.admin_menu_lms.php injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390198
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin_frame.php ltarget injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin_frame.php ltarget injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390199
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: FOG Forum injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: FOG Forum injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390200
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390201
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CoAST sections_file File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CoAST sections_file File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390202
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Lance catid SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Lance catid SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390203
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pro Chat Rooms gud SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pro Chat Rooms gud SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393602
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla option argument illegal character injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390603
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla illegal characters in argument
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla illegal characters in argument
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390604
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390606
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390608
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla template_css ARG injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla template_css ARG injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390609
Alert message: Atomicorp.com WAF Rules: Joomla ARGS Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules: Joomla ARGS Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390611
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 11
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330600
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LXLabs SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LXLabs SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330601
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebInspect Scanner Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebInspect Scanner Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330603
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330604
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: faq.php Cid ARG SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: faq.php Cid ARG SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330605
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: search_result.php HOSTid ARG SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: search_result.php HOSTid ARG SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390627
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible fckeditor file upload attack (disable this rule if you use this function)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible fckeditor file upload attack (disable this rule if you use this function)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390628
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381628
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390630
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390633
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters format variable in RSS request
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters format variable in RSS request
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390634
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress plugin WP-Syntax Remote Command Execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress plugin WP-Syntax Remote Command Execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390637
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390638
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390644
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MegaBook XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MegaBook XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390645
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390646
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390647
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390649
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390650
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390570
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390571
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390757
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 PHP code injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecode
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 PHP code injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390758
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sulata iSoft Local File Disclosure Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sulata iSoft Local File Disclosure Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390759
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390756
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oscommerce Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320757
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ZenCart Sql Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ZenCart Sql Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322100
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin-mail-info.php XSS attack (CVE-2016-1000146)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin-mail-info.php XSS attack (CVE-2016-1000146)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322101
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ultimate-instagram-feed.php XSS attack (CVE-2017-16758)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ultimate-instagram-feed.php XSS attack (CVE-2017-16758)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310349
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310324
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo index.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo index.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390643
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Contact form XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Contact form XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390648
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393651
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in contactus application comments
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in contactus application comments
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 366000
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 366001
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 366002
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380201
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Sodahead Polls wordpress plugin
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Sodahead Polls wordpress plugin
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380202
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Rating-Widget wordpress plugin
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Rating-Widget wordpress plugin
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380215
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381214
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381202
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Remote Code Execution Vulnerability Exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Remote Code Execution Vulnerability Exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381203
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 12
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381204
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: iBrowser Plugin Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: iBrowser Plugin Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381205
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Curltest Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381215
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dbase SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dbase SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381206
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to WordPress configuration file blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381209
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Request is missing required parameters.
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Request is missing required parameters.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381210
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Multiple Cross Site Scripting Vulnerabilities in \
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Multiple Cross Site Scripting Vulnerabilities in \
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311291
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: 1 Flash Gallery Wordpress Plugin File Upload Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: 1 Flash Gallery Wordpress Plugin File Upload Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311292
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: abspath RFI Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: abspath RFI Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311293
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpMyAdmin setup.php RFI Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpMyAdmin setup.php RFI Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311294
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TestLink Open Source Test Management(<= 1.9.16) Remote Code Execution attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TestLink Open Source Test Management(<= 1.9.16) Remote Code Execution attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311235
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: localjob.php Remote Code Execution attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: localjob.php Remote Code Execution attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322194
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal remote command execution blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal remote command execution blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322193
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Woocommerce SQLi blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Woocommerce SQLi blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322192
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress nexos theme XSS attack (CVE 2020-15364)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress nexos theme XSS attack (CVE 2020-15364)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311295
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cross site scripting attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cross site scripting attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336463
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: antMan <= 0.9.0c Authentication Bypass attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: antMan <= 0.9.0c Authentication Bypass attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336461
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 314293
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Proxy Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Proxy Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 317092
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Exchange server zero day blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 12
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Exchange server zero day blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 317091
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: search XSS attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: search XSS attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310091
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Crystal Reports crystalImageHandler.aspx directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Crystal Reports crystalImageHandler.aspx directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310210
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: philboard_admin.asp authentication bypass attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: philboard_admin.asp authentication bypass attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310296
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ACS Blog search.asp cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ACS Blog search.asp cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310300
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Outlook Web Access owalogon.asp phishing redirect attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Outlook Web Access owalogon.asp phishing redirect attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310367
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP ad_click.asp SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP ad_click.asp SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310368
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310370
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310475
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MetaBid item.asp SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MetaBid item.asp SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390180
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedDot CMS SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedDot CMS SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390196
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: links.asp SQL injection vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
base64Decode
compressWhitespace
hexDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: links.asp SQL injection vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310000
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: web-cgi formmail
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: web-cgi formmail
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310051
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: a.pl access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: a.pl access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310089
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Awstats.pl probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Awstats.pl probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310093
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ftp.pl directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ftp.pl directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310100
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: anaconda directory transversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: anaconda directory transversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310104
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: rwwwshell.pl access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: rwwwshell.pl access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310106
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: calendar_admin.pl arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: calendar_admin.pl arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310111
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Amaya templates sendtemp.pl directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Amaya templates sendtemp.pl directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310114
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cgiforum.pl attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cgiforum.pl attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310117
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cal_make.pl directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cal_make.pl directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310119
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ustorekeeper.pl directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ustorekeeper.pl directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310121
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: alibaba.pl arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: alibaba.pl arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310128
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eshop.pl arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eshop.pl arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310147
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: story.pl file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: story.pl file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310181
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ source code access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ source code access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310204
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: roads search.pl access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: roads search.pl access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310208
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ans.pl file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ans.pl file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310254
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310255
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310256
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310257
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310259
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats local file system access monkey business attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats local file system access monkey business attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310498
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Formmail probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Formmail probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390043
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: quizz.pl exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: quizz.pl exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391653
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible OpenMRS Remote code injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible OpenMRS Remote code injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312657
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: kerbynet command injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: kerbynet command injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312608
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: board.cgi command injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: board.cgi command injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312668
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: setup.cgi command injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: setup.cgi command injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312658
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco tmunblock.cgi command injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco tmunblock.cgi command injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312659
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: weblogin.cgi command injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: weblogin.cgi command injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392658
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CGI command injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CGI command injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392657
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: login.cgi command injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: login.cgi command injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390653
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in ecommerce CGI
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in ecommerce CGI
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310001
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pals-cgi arbitary file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pals-cgi arbitary file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310005
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cssearch.cgi arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cssearch.cgi arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310006
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi directory traversal attempt attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi directory traversal attempt attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310007
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi external site redirection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi external site redirection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310017
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: dcforum.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: dcforum.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310024
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Home Free search.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Home Free search.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310026
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pfdispaly.cgi arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pfdispaly.cgi arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310027
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: talkback.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: talkback.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310028
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote main.cgi file directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote main.cgi file directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310029
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote print.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote print.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310030
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXtropia webstore directory traversal
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXtropia webstore directory traversal
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310031
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: shopping cart directory traversal
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: shopping cart directory traversal
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310032
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire Pro Web Shell attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire Pro Web Shell attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310033
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Armada Style Master Index directory traversal
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Armada Style Master Index directory traversal
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310034
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cached_feed.cgi moreover shopping cart directory traversal
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cached_feed.cgi moreover shopping cart directory traversal
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310035
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310036
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: txt2html.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: txt2html.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310037
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: store.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: store.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310038
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mrtg.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mrtg.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310039
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCBill whereami.cgi arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCBill whereami.cgi arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310040
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WhatsUpGold instancename overflow attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WhatsUpGold instancename overflow attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310109
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: wayboard attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: wayboard attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310110
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: commerce.cgi arbitrary file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: commerce.cgi arbitrary file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310112
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: webspirs.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: webspirs.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310113
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auktion.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auktion.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310115
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: directorypro.cgi attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: directorypro.cgi attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310116
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web Shopper shopper.cgi attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web Shopper shopper.cgi attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310118
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttawebtop.cgi arbitrary file attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttawebtop.cgi arbitrary file attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310127
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cssearch.cgi arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cssearch.cgi arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310129
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: loadpage.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: loadpage.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310130
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: faqmanager.cgi arbitrary file attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: faqmanager.cgi arbitrary file attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310131
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Home Free search.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Home Free search.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310132
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pfdisplay.cgi arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pfdisplay.cgi arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310133
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pagelog.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pagelog.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310134
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pagelog.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pagelog.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310135
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: emumail.cgi NULL attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: emumail.cgi NULL attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310136
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote main.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote main.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310137
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote print.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote print.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310138
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire Pro authenticate.cgi shell attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire Pro authenticate.cgi shell attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310139
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Armada Style Master search.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Armada Style Master search.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310140
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Moreover cached_feed.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Moreover cached_feed.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310141
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310142
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bizdbsearch bizdb1-search.cgi mail attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Error (HIDS: 8)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bizdbsearch bizdb1-search.cgi mail attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310143
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: sojourn.cgi file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: sojourn.cgi file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310144
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: infosrch.cgi fname attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: infosrch.cgi fname attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310145
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: store.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: store.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310146
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: generate.cgi file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: generate.cgi file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310148
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mrtg.cgi directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mrtg.cgi directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310150
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCbill whereami.cgi command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCbill whereami.cgi command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310151
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MDaemon form2raw.cgi overflow attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MDaemon form2raw.cgi overflow attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310152
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WhatsUpGold _maincfgret.cgi overflow attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WhatsUpGold _maincfgret.cgi overflow attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310250
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: includer.cgi command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: includer.cgi command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310265
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Proxy Grabber nph-env.cgi access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Proxy Grabber nph-env.cgi access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310301
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ads.cgi local command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ads.cgi local command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310484
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Agora CGI Cross Site Scripting
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Agora CGI Cross Site Scripting
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310486
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel remote command execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel remote command execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310488
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zeus Admin Interface XSS
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zeus Admin Interface XSS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310593
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pdesk directory traversal and file theft
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pdesk directory traversal and file theft
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390014
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebAPP XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebAPP XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390026
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer XSS Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer XSS Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390042
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Censtore.cgi exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Censtore.cgi exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393134
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test.fcgi or test.cgi access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310107
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hist.sh directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hist.sh directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310108
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hostscv.sh attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hostscv.sh attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310023
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310123
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: test.bat arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: test.bat arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310124
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: input.bat arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: input.bat arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310125
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: envout.bat arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: envout.bat arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310126
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310485
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Remote Command Execution via .bat files
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Remote Command Execution via .bat files
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310155
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion exampleapp e-mail application.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion exampleapp e-mail application.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310156
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion exampleapp publisher application.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion exampleapp publisher application.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310157
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion exampleapp e-mail getfile.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion exampleapp e-mail getfile.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310158
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion exampleapp addcontent.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion exampleapp addcontent.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310160
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion fileexists.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion fileexists.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310161
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion expercalc.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion expercalc.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310162
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion parks detail.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion parks detail.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310163
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion cfappman index.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion cfappman index.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310164
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion beaninfo.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion beaninfo.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310165
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion evaluate.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion evaluate.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310166
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion expeval access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion expeval access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310167
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion displayfile access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion displayfile access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310168
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion mainframeset.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion mainframeset.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310171
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion cfmlsyntaxcheck.cfm access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion cfmlsyntaxcheck.cfm access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310172
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion application.cfm direct access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion application.cfm direct access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310173
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion onrequestend.cfm direct access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion onrequestend.cfm direct access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310174
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion startstop.cfm DoS attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion startstop.cfm DoS attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310175
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion gettempdirectory.cfm direct access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion gettempdirectory.cfm direct access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310176
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion sendmail.cfm direct access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion sendmail.cfm direct access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310154
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion cfcache.map file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion cfcache.map file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310185
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino catalog.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino catalog.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310186
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino domcfg.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino domcfg.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310187
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino domlog.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino domlog.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310188
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino log.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino log.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310189
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino names.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino names.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310190
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino mab.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino mab.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310191
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino cersvr.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino cersvr.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310192
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino setup.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino setup.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310193
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino statrep.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino statrep.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310194
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino webadmin.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino webadmin.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310195
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino events4.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino events4.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310196
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino ntsync4.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino ntsync4.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310197
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino collect4.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino collect4.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310198
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino mailw46.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino mailw46.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310199
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino bookmark.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino bookmark.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310200
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino agentrunner.nsf access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Domino agentrunner.nsf access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310101
Alert message: Atomicorp.com WAF Rules: imagemap.exe overflow attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: imagemap.exe overflow attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310180
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ source code access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ source code access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310226
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microsoft Frontpage exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microsoft Frontpage exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310728
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: /pbserver/pbserver.dll exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: /pbserver/pbserver.dll exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310529
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: /iiswebagentif.dll exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: /iiswebagentif.dll exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310709
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: /fsms/fsmsh.dll exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: /fsms/fsmsh.dll exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310710
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: /msadc/msadcs.dll exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: /msadc/msadcs.dll exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310711
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: /isapi/tstisapi.dll exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: /isapi/tstisapi.dll exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310712
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: /webadmin.dll exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: /webadmin.dll exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340000
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Solarwinds backdoor attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340001
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Solarwinds backdoor attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310729
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle SQL config theft attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle SQL config theft attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310713
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310714
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310715
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Dreamweaver Information Disclosure
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Dreamweaver Information Disclosure
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310207
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PCCS MySQL database admin tool access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PCCS MySQL database admin tool access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310218
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: : myphpPagetool pt_config.inc file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: : myphpPagetool pt_config.inc file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310012
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote command attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote command attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310074
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pagetool pt_config.inc file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pagetool pt_config.inc file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336479
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress DOM XSS Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress DOM XSS Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310087
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki directory traversal
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki directory traversal
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310183
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: tomcat contextAdmin exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: tomcat contextAdmin exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310483
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: 12Planet Chat Server Path Disclosure
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: 12Planet Chat Server Path Disclosure
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390489
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390488
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nephp Publisher SQL Injection Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nephp Publisher SQL Injection Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390487
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenEdit Cross-Site Scripting Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenEdit Cross-Site Scripting Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390169
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Xpoze reed SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Xpoze reed SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390193
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Join.html file inclusion vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Join.html file inclusion vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 373357
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: DedeCMSv5 Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: DedeCMSv5 Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311098
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Revslider exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Revslider exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310098
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310097
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: /wwwboard/passwd.txt access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: /wwwboard/passwd.txt access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310184
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eCommerce import.txt access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eCommerce import.txt access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310202
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Ecommerce checks.txt access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Ecommerce checks.txt access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390486
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Exposure of user Credentials
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Exposure of user Credentials
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312318
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file manager database access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file manager database access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312310
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL error log access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL error log access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310318
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog dbBlogMX.mdb database access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog dbBlogMX.mdb database access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310319
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog Blog.mdb database access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog Blog.mdb database access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390485
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: HTMLJunction EZGuestbook Remote Database Disclosure Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: HTMLJunction EZGuestbook Remote Database Disclosure Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393485
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sukru Alatas Guestbook Exposure of user Credentials
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sukru Alatas Guestbook Exposure of user Credentials
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390484
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: uguestbook Exposure of user Credentials
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: uguestbook Exposure of user Credentials
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390483
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: information Call Center Exposure of user Credentials
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: information Call Center Exposure of user Credentials
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391487
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempted hsh.mdb file access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempted hsh.mdb file access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 311299
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Secure Contact Administrators data leak block
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Secure Contact Administrators data leak block
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310299
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Macromedia SiteSpring 500error.jsp cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Macromedia SiteSpring 500error.jsp cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390482
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine netFlow Analyzer Cross-Site Scripting Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine netFlow Analyzer Cross-Site Scripting Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390481
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: FileLister searchwhat Cross-Site Scripting Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: FileLister searchwhat Cross-Site Scripting Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310047
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP application RFI exploitation attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP application RFI exploitation attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310305
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390480
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MWChat file include Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MWChat file include Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390479
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yapig remote file include Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yapig remote file include Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390478
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: yawp file include Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: yawp file include Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390477
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP iCalendar File Inclusion Vulnerability and XSS
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP iCalendar File Inclusion Vulnerability and XSS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390084
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic BBCodeFile variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic BBCodeFile variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390085
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wb_class_dir variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wb_class_dir variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390086
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic component_dir variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic component_dir variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390087
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic da_path variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic da_path variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390088
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic spaw_root variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic spaw_root variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390089
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic sitee variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic sitee variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390094
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic root_path variable Remote File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic root_path variable Remote File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390105
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS File Inclusion
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS File Inclusion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390109
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCleague Pro language Parameter Local File Inclusion
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCleague Pro language Parameter Local File Inclusion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 394150
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ff_compath File Inclusion Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ff_compath File Inclusion Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390166
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: xcart remote include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: xcart remote include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390204
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: no_url ARG URI injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: no_url ARG URI injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320013
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java XSS vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java XSS vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310003
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phf access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phf access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310004
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: tsearch arbitrary file read attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: tsearch arbitrary file read attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310011
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote commanSelective REQUEST_URI|REQUEST_BODYd attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote commanSelective REQUEST_URI|REQUEST_BODYd attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310013
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Highlighting Code Execution Attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Highlighting Code Execution Attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312019
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server prn arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server prn arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310021
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server NUL arbitrary command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server NUL arbitrary command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310022
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310025
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: campus attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: campus attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310041
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Demarc SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Demarc SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310043
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: htgrep attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: htgrep attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310044
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: musicat empower attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: musicat empower attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310052
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: strings overflow
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: strings overflow
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310080
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310081
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailto domain search possible MyDoom.M,O
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailto domain search possible MyDoom.M,O
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310082
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310088
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: BitKeeper arbitrary command attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: BitKeeper arbitrary command attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310092
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mailman 2.x path recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mailman 2.x path recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310094
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tomcat server snoop access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tomcat server snoop access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 313098
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: webplus directory traversal
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: webplus directory traversal
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310099
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: websendmail access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: websendmail access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310103
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: nph-test-cgi access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: nph-test-cgi access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310120
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: htsearch arbitrary configuration file attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: htsearch arbitrary configuration file attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310122
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310177
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion debug mode access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coldfusion debug mode access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310179
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unify eWave UploadServlet abuse attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unify eWave UploadServlet abuse attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310203
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mall Log order access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mall Log order access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310205
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SWEditServlet directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SWEditServlet directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310206
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RBS ISP /newuser directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RBS ISP /newuser directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310209
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Demarc SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Demarc SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310285
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: readfile.tcl local file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: readfile.tcl local file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310298
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailman cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailman cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310306
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310836
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire JRun sample scripts access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire JRun sample scripts access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310334
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interspire ArticleLive newcomment.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interspire ArticleLive newcomment.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310383
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: InterAKT MX Kart mxshop SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: InterAKT MX Kart mxshop SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310388
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CPG Dragonfly Coppermine cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CPG Dragonfly Coppermine cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310390
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310419
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TowerBlog! _dat/login password hash disclosure attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TowerBlog! _dat/login password hash disclosure attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310487
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS mod_plsql directory traversal
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS mod_plsql directory traversal
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310489
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS iSQLplus XSS
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS iSQLplus XSS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310592
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenCA HTML Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenCA HTML Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390475
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Jakarta-Tomcat /admin Context Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Jakarta-Tomcat /admin Context Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390474
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Common http vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Common http vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390473
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Gurgens Guest Book Remote Database Disclosure Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Gurgens Guest Book Remote Database Disclosure Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390472
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: sawmill remote file access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: sawmill remote file access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390471
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail information disclosure
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail information disclosure
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390470
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail file access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail file access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390469
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Community Blog Module SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Community Blog Module SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390466
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline E-Learning SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline E-Learning SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390465
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum Russian Board 4.2 Full command execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum Russian Board 4.2 Full command execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390464
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel XSS vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel XSS vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390463
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion database backup file retrieval
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion database backup file retrieval
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390601
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress cat vuln
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress cat vuln
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390461
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310594
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: netquery 3.1 Remote Command Execution vuln
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: netquery 3.1 Remote Command Execution vuln
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390460
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390459
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: python namespace exposure with karrigell service
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: python namespace exposure with karrigell service
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390458
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test CGI probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390457
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco IOS http configuration probe attempts
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco IOS http configuration probe attempts
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390455
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: man2web cgi-scripts remote command spawn
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: man2web cgi-scripts remote command spawn
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390453
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mimicboard2 Exposure of user Credentials
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mimicboard2 Exposure of user Credentials
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390452
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mall23 eCommerce idPage SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mall23 eCommerce idPage SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390451
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390450
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390449
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: http header PHP code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: http header PHP code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390448
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MediaWiki Cross-Site Scripting Vulnerabilities
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MediaWiki Cross-Site Scripting Vulnerabilities
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390447
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum Injection Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum Injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390446
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Wormsign
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Wormsign
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390445
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP Wormsign
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP Wormsign
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390444
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaPiG PHP XSS vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaPiG PHP XSS vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390441
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: HP OpenView network Node Manager Remote Command Execution Attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: HP OpenView network Node Manager Remote Command Execution Attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390440
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RSA ACE/agent for Web image Cross-Site Scripting Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RSA ACE/agent for Web image Cross-Site Scripting Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390439
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP config recon attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP config recon attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390438
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaveWebPortal menu_dx.php and menu_sx.php Multiple Variable XSS
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaveWebPortal menu_dx.php and menu_sx.php Multiple Variable XSS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390437
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eyeOS Script Insertion and Exposure of user Credentials
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eyeOS Script Insertion and Exposure of user Credentials
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 319003
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cutenews shell injection vuln
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cutenews shell injection vuln
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 319000
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attack Tool probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attack Tool probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 319001
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: EkinBoard 1.0.3 config.php SQL Injection through cookie
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: EkinBoard 1.0.3 config.php SQL Injection through cookie
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390434
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PmWiki 2.0.12 Cross Site Scripting
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PmWiki 2.0.12 Cross Site Scripting
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390433
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CommodityRentals user_id SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CommodityRentals user_id SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390432
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! mod_poll SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! mod_poll SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390431
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: vTiger code inclusion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: vTiger code inclusion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390430
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AgileBill id SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AgileBill id SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390667
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Non Existent File Hack Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Non Existent File Hack Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390668
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390669
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393657
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393658
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393659
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Orca Blog SQL injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Orca Blog SQL injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390662
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cross-Site Scripting Attempt in Host header
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cross-Site Scripting Attempt in Host header
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390663
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nortel SSL VPN Web Interface XSS
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nortel SSL VPN Web Interface XSS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390664
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SyntaxCMS XSS vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SyntaxCMS XSS vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390665
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390666
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390035
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TFT Gallery passwd Exposure of user Credentials
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TFT Gallery passwd Exposure of user Credentials
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390037
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WEBalbum Local File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WEBalbum Local File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390040
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Help Module Remote Execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Help Module Remote Execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390048
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine OpManager searchTerm Cross-Site Scripting
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine OpManager searchTerm Cross-Site Scripting
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390066
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde passthru exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde passthru exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390099
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki non-image upload exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki non-image upload exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390110
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki filename Parameter Disclosure of Sensitive information
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki filename Parameter Disclosure of Sensitive information
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390153
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Servlet Auth exposure Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Servlet Auth exposure Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390155
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart Customer Data Access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Eazy Cart Customer Data Access
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390168
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: e-Classifieds Corporate Edition db Cross-Site Scripting
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: e-Classifieds Corporate Edition db Cross-Site Scripting
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390172
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Aztech ADSL2/2 remote root
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Aztech ADSL2/2 remote root
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393204
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390600
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla catid ARG SQL injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla catid ARG SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393652
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JAMWiki message Cross-Site Scripting Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JAMWiki message Cross-Site Scripting Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370651
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Floating Point DoS Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Floating Point DoS Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 376419
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Ruby on Rails XML Exploit Attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Ruby on Rails XML Exploit Attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370662
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370652
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 372356
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: a2billing Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: a2billing Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345113
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA CVE-2021-26086 attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA CVE-2021-26086 attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345115
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 7
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345114
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 obfuscated attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 9
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
lowercase
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 obfuscated attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345117
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
lowercase
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345118
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 375357
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Themegrill site reset attempt blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Themegrill site reset attempt blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 332751
Alert message: Atomicorp.com WAF Rules: b2evolution CMS 6.6.0 - 6.8.10 PHP code execution attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: b2evolution CMS 6.6.0 - 6.8.10 PHP code execution attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 332791
Alert message: Atomicorp.com WAF Rules: Apache Struts RCE Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Apache Struts RCE Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334168
Alert message: Atomicorp.com WAF Rules: Request content type header contains invalid characters
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Request content type header contains invalid characters
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390692
Alert message: Atomicorp.com WAF Rules - Vulnerability scanner attempting XSRF probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Vulnerability scanner attempting XSRF probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390690
Alert message: Atomicorp.com WAF Rules - Vulnerability scanner attempting response splitting
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Vulnerability scanner attempting response splitting
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390691
Alert message: Atomicorp.com WAF Rules - Vulnerability scanner attempting SQL unescape probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Vulnerability scanner attempting SQL unescape probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 397679
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized attempt to access insecure BackupBuddy backup.
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 397678
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to unauthenticated BackupBuddy backup file. Not blocked.
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 397680
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to exploit command injection vulnerability in Gitorious.
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: pass
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to exploit command injection vulnerability in Gitorious.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381236
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to non media file uploaded via grapfile WP plugin denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to non media file uploaded via grapfile WP plugin denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381237
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: DLINK worm probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: DLINK worm probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381238
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: /info/whitelist.pac worm probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: /info/whitelist.pac worm probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381239
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382238
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file execution in uploads directory denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file execution in uploads directory denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382240
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JBOSS probe denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JBOSS probe denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382292
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382293
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382291
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337109
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337110
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
hexDecode
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337111
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337181
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible memcached SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible memcached SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.