WAF Rule ID 330701
Alert message: Atomicorp.com WAF Rules: CVE-2014-6271 Bash Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
WAF Rule ID 330702
Alert message: Atomicorp.com WAF Rules: CVE-2014-6271 Bash Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
WAF Rule ID 331702
Alert message: Atomicorp.com WAF Rules: Possible JSON-Based SQL Injection
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 6
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules: Possible JSON-Based SQL Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 394669
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE attempt blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE attempt blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334071
Alert message: Atomicorp.com WAF Rules: Known PHP code injection Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Known PHP code injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334072
Alert message: Atomicorp.com WAF Rules: CVE-2019-6703 Attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: CVE-2019-6703 Attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334073
Alert message: Atomicorp.com WAF Rules: Injection Attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Injection Attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 394667
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 394666
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 312863
Alert message: Atomicorp.com WAF Rules: Potential Reflected File Download (RFD) Attack.
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects when a potential reflected download attack (RFD) has been detected.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
http://dl.packetstormsecurity.net/papers/attack/Aspect_File_Download_Injection.pdf
WAF Rule ID 339207
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts CVE-2020-17530 RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts CVE-2020-17530 RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337207
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337206
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337208
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337210
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337218
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337211
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337209
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java remote code injection blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java remote code injection blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337106
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337107
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347195
Alert message: Atomicorp.com WAF Rules: PHP function in HTTP header attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP function in HTTP header attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392767
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible BIG_IP attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible BIG_IP attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392765
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Naive Java application cross scripting attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
removeComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Naive Java application cross scripting attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393664
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393663
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress CM Download Manager RCE attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress CM Download Manager RCE attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322272
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: cmdownload XSS attack (CVE-2020-27344)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
normalisePath
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: cmdownload XSS attack (CVE-2020-27344)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391235
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393766
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 8
Severity: Error (HIDS: 8)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Options: No active Response
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393669
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible DOS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible DOS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 384545
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Media Manager File Upload Bypass Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Media Manager File Upload Bypass Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393665
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch:Possible W3TC and WP Super Cache PHP Code injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch:Possible W3TC and WP Super Cache PHP Code injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378492
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roundcube LFI vulnerablity
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 7
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roundcube LFI vulnerablity
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378497
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized Proxying of Website by .stfi.re
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 7
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized Proxying of Website by .stfi.re
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378491
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378371
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerablity
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
removeWhitespace
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 376476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: VBulleting Code Injection Attack Blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: VBulleting Code Injection Attack Blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 376416
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: W3 Total Cache vulnerablity
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: W3 Total Cache vulnerablity
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392664
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392665
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilige Escalation Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381211
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MySQL Server Username/Password Disclosure Vulnerability via \
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 4
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MySQL Server Username/Password Disclosure Vulnerability via \
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336477
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magento Shoplift attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magento Shoplift attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336478
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModX Revolution 2.3.5-pl Cross Site Scripting attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModX Revolution 2.3.5-pl Cross Site Scripting attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391742
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms 1.8.19 Shell Upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms 1.8.19 Shell Upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391743
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms 1.8.19 Shell Upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms 1.8.19 Shell Upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390751
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390753
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390755
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390766
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390767
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390768
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Code Injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Code Injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322211
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP myEasybackup directory recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP myEasybackup directory recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393782
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PGP eval stdin attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PGP eval stdin attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393781
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress File Manager Plugin attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress File Manager Plugin attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322121
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Live Chat File Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Live Chat File Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393780
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Possible TC custom javscript injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Possible TC custom javscript injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334616
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Advanced Access Manager attack attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Advanced Access Manager attack attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 334617
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP User Avatar plugin privilege escalation attack attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP User Avatar plugin privilege escalation attack attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393750
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajax_asyn_link LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajax_asyn_link LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393758
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393759
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393771
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress shortcode LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress shortcode LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393772
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress adaptive-images-script.php LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress adaptive-images-script.php LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393760
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: OPAC RSS Search SQL injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: OPAC RSS Search SQL injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393749
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress html2canvas proxy SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress html2canvas proxy SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322314
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP AccessPress Themes attack (CVE-2020-25378)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP AccessPress Themes attack (CVE-2020-25378)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322313
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP recall products plugin XSS attack (CVE-2020-25380)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP recall products plugin XSS attack (CVE-2020-25380)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322111
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Load More SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Load More SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322122
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Medoa Recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Medoa Recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393666
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress brute force attempt, direct Login Missing Referer (not blocked)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Warning (HIDS: 7)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Options: No active Response
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress brute force attempt, direct Login Missing Referer (not blocked)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 323667
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP XSS in Loginizer attack (CVE-2018-11366)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version:
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP XSS in Loginizer attack (CVE-2018-11366)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 356710
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress PHP Anywhere < 3.0.0 - Remote Code Execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress PHP Anywhere < 3.0.0 - Remote Code Execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322182
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322183
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322102
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection attack against WP Good Layers Plugin (CVE-2020-27481)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection attack against WP Good Layers Plugin (CVE-2020-27481)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322172
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Download Manager XSS attack (CVE-2013-7319)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Download Manager XSS attack (CVE-2013-7319)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322112
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Elementor Pro File Upload attack attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Elementor Pro File Upload attack attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322113
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drag and Drop Upload Contact Form Code Injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drag and Drop Upload Contact Form Code Injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322114
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Widget Importer/Export RFI attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Widget Importer/Export RFI attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322115
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: MapPress Maps path recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: MapPress Maps path recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 383709
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: KingComposer XSS attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: KingComposer XSS attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 322222
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP CommentLuv XSS attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP CommentLuv XSS attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 303669
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 303668
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 303768
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 303769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin PHP objection insertion attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin PHP objection insertion attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393767
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Arbitrary File Upload Vulnerability in Jssor Slider attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Arbitrary File Upload Vulnerability in Jssor Slider attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 323769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-config file download attack via duplicator plugin blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-config file download attack via duplicator plugin blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 383769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393768
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393751
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress 301bulkoptions attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress 301bulkoptions attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347147
Alert message: Atomicorp.com WAF Rules: Wordpress admin-ajax XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Wordpress admin-ajax XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347148
Alert message: Atomicorp.com WAF Rules: Wordpress admin-ajax Live Chat plugin XSS attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Wordpress admin-ajax Live Chat plugin XSS attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347149
Alert message: Atomicorp.com WAF Rules: Wordpress admin-ajax file injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Wordpress admin-ajax file injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347150
Alert message: Atomicorp.com WAF Rules: WordPress GDPR Compliance Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress GDPR Compliance Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347151
Alert message: Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347152
Alert message: Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347153
Alert message: Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347154
Alert message: Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347155
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347156
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347157
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347158
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347159
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347160
Alert message: Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382245
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access attempt or probe for known vulnerable yuzo-related-post Plugin blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access attempt or probe for known vulnerable yuzo-related-post Plugin blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382241
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 382242
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 4
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393743
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Service Finder Booking Local File Disclosure blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Service Finder Booking Local File Disclosure blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391746
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCollab 2.5.1 Unauthenticated File Upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCollab 2.5.1 Unauthenticated File Upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391747
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391756
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Cherry Plugin Unauthenticated File Upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Cherry Plugin Unauthenticated File Upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391748
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391749
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391759
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PerfexCRM 1.9.7 a Unrestricted php5 File upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PerfexCRM 1.9.7 a Unrestricted php5 File upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390747
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Boost My Campaign 1.1 Unauthenticated Administrative Access blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Boost My Campaign 1.1 Unauthenticated Administrative Access blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390769
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Theme Newspaper 6.7.1 - Privilege Escalation attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Theme Newspaper 6.7.1 - Privilege Escalation attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390849
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPMailer remote code execution attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPMailer remote code execution attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390749
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla privilege escalation attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla privilege escalation attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390746
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Vulnerable Joomla Simple File Upload v1.3 Access blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Vulnerable Joomla Simple File Upload v1.3 Access blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390745
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP malware
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP malware
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390744
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla com aceftp Arbitrary File Download Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla com aceftp Arbitrary File Download Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391744
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM PHP Code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM PHP Code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391745
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM Insecure fopen attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM Insecure fopen attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391741
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roxy File Manager Shell Upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roxy File Manager Shell Upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391739
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel plaintext password attack denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel plaintext password attack denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391740
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress WP Mobile Detector 3.5 Shell Upload
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress WP Mobile Detector 3.5 Shell Upload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391709
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel Unauthenticated File upload attack denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Hosting Control Panel Unauthenticated File upload attack denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393739
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PivotX shell upload attack denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PivotX shell upload attack denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393738
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zenphoto RFI attack denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zenphoto RFI attack denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393737
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP utility belt access denied
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP utility belt access denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393734
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yeager CMS unauthenticated upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yeager CMS unauthenticated upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393721
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yeager CMS SSRF attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yeager CMS SSRF attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393720
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Grawlix 1.0.3: Code Execution
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Grawlix 1.0.3: Code Execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393719
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: CouchCMS 1.4.5: Code Execution attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: CouchCMS 1.4.5: Code Execution attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 364577
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bigware Shop 2.3.01 File Upload Attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bigware Shop 2.3.01 File Upload Attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344577
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magmi file recursion attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magmi file recursion attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344477
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjeQtor 4.5.2 Shell Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjeQtor 4.5.2 Shell Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344479
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Centreon 2.6.1 Command Injection Vulnerability attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Centreon 2.6.1 Command Injection Vulnerability attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 343478
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Collabtive 2.0 Shell Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Collabtive 2.0 Shell Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 343481
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vtiger CRM 6.3 Remote Code Execution attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vtiger CRM 6.3 Remote Code Execution attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 348476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin Navis Documentcloud XSS Vulnerability attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin Navis Documentcloud XSS Vulnerability attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 348477
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck remote code injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck remote code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 348478
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck recon phpinfon attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck recon phpinfon attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347475
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347474
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin Memcache Remote Code Execution Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin Memcache Remote Code Execution Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337472
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337473
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wordpress plugins Upload Filter Bypass Remote file access attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wordpress plugins Upload Filter Bypass Remote file access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337474
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337475
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337470
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress uploadify upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress uploadify upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337471
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify non-media file upload violation
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify non-media file upload violation
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337476
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify RFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify RFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393726
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress WooCommerce Privilege Escalation
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress WooCommerce Privilege Escalation
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393725
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress WP User Frontend Plugin Unrestricted File Upload blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress WP User Frontend Plugin Unrestricted File Upload blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393723
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Blind SQLi POC blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Blind SQLi POC blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393727
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393728
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393724
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Privilege Escalation attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Privilege Escalation attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337469
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Revslider upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 337479
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Revslider non-image file download Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336469
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Stored XSS Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Stored XSS Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336468
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336467
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible chained PHP array injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible chained PHP array injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336460
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336459
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Plesk secret_key attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Plesk secret_key attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336359
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress pingback zombie attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 331358
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vbulletin zero day attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vbulletin zero day attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 331357
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WHMCS SQL injection attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WHMCS SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 321357
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress serialize name change attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress serialize name change attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 321356
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 388000
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Access vulnerable FCKeditor file upload connector (Disable if you have configured this connector to require authentication)
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380800
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380801
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390760
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393756
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch:e107 RFI attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecode
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch:e107 RFI attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390655
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: SYSURL RFI attack Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: SYSURL RFI attack Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390656
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: get variable RFI attack Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: get variable RFI attack Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391760
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 395760
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310054
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2 cafelog gm-2-b2.php remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2 cafelog gm-2-b2.php remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310055
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: BLNews objects.inc.php4 remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: BLNews objects.inc.php4 remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310056
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttCMS header.php remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttCMS header.php remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310059
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: pmachine remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: pmachine remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310090
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum remote include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum remote include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310227
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310233
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP formmail.inc.php file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP formmail.inc.php file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310234
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: download Center Lite download_center_lite.inc.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: download Center Lite download_center_lite.inc.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310235
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mod_mainmenu.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mod_mainmenu.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310236
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310238
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews header.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews header.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310240
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: votebox.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: votebox.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310267
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310293
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: poc_root_path remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: poc_root_path remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310295
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPOpenChat poc.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPOpenChat poc.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310297
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews install.php remote command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews install.php remote command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390282
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: page_tail RFI injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase:
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: page_tail RFI injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310237
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog backend index.php command execution attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog backend index.php command execution attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310268
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog links/index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog links/index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310289
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390651
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! Shoutbox Pro Component controller Local File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! Shoutbox Pro Component controller Local File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310274
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA index.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA index.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310337
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310392
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal/index.php remote file inclusion attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal/index.php remote file inclusion attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310580
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Page argument RFI injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: pass
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Page argument RFI injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 331323
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential Owncloud information leakage attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential Owncloud information leakage attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393753
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393754
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP code injection attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP code injection attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393752
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390737
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Image Upload - Arbitrary File Upload
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Image Upload - Arbitrary File Upload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 333458
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: DOKEOS ce30 Authentication Bypass attack blocked
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: DOKEOS ce30 Authentication Bypass attack blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 333358
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential JCE image manager attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential JCE image manager attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 333359
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: JCE image attempt to rename image file to PHP attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: JCE image attempt to rename image file to PHP attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391663
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391664
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability Probe
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability Probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391662
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Module user SQL Injection Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Module user SQL Injection Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310251
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php directory traversal attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php directory traversal attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310252
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php upload authorization bypass attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Alert (HIDS: 10)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php upload authorization bypass attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310058
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttforum remote file include attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttforum remote file include attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310066
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: IdeaBox file include
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: IdeaBox file include
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310335
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310346
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310347
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops sections/index.php cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops sections/index.php cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310372
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Lighthouse Squirrelcart index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Lighthouse Squirrelcart index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310382
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: InterAKT MX Kart index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: InterAKT MX Kart index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310405
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin index.php convcharset parameter cross-site-scripting attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin index.php convcharset parameter cross-site-scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310407
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310425
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310445
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: Squirrelcart index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Squirrelcart index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310466
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310467
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare tts/index.php SQL injection attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare tts/index.php SQL injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390652
Alert message: Atomicorp.com WAF Rules - FreePHPBlogSoftware phpincdir File Inclusion Vulnerability
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - FreePHPBlogSoftware phpincdir File Inclusion Vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350023
Alert message: Atomicorp.com WAF Rules: Non-Existant File Google Recon attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380005
Alert message: Atomicorp.com WAF Rules: PHP session cookie attack
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules: PHP session cookie attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310008
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail spell-check arbitrary command attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail spell-check arbitrary command attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310009
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail theme arbitrary command attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail theme arbitrary command attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310010
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: directory.php arbitrary command attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: directory.php arbitrary command attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310045
Alert message: Atomicorp.com WAF Rules - Virtual Just In Time Patch: DNSTools administrator authentication bypass attempt
Rule Class: Generic Attack Ruleset (99_asl_jitp.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules - Virtual Just In Time Patch: DNSTools administrator authentication bypass attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rule