Changelog
Subscribe to RSS
WAF Release - 2025-02-11
Updated leaked credentials database
WAF Release - 2025-01-21
WAF Release - 2025-01-13
WAF Release - 2025-01-06
WAF Release - 2025-02-11
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 100708 | Aviatrix Network - Remote Code Execution - CVE:CVE-2024-50603 | Log | Block | This is a New Detection | |
| Cloudflare Managed Ruleset | 100709 | Next.js - Remote Code Execution - CVE:CVE-2024-46982 | Log | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | 100710 | Progress Software WhatsUp Gold - Directory Traversal - CVE:CVE-2024-12105 | Log | Block | This is a New Detection | |
| Cloudflare Managed Ruleset | 100711 | WordPress - Remote Code Execution - CVE:CVE-2024-56064 | Log | Block | This is a New Detection | |
| Cloudflare Managed Ruleset | 100712 | WordPress - Remote Code Execution - CVE:CVE-2024-9047 | Log | Block | This is a New Detection | |
| Cloudflare Managed Ruleset | 100713 | FortiOS - Auth Bypass - CVE:CVE-2022-40684 | Log | Block | This is a New Detection |
Updated leaked credentials database
Added new records to the leaked credentials database from a third-party database.
WAF Release - 2025-01-21
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 100303 | Command Injection - Nslookup | Log | Block | This was released as | |
| Cloudflare Managed Ruleset | 100534 | Web Shell Activity | Log | Block | This was released as |
WAF Release - 2025-01-13
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 100704 | Cleo Harmony - Auth Bypass - CVE:CVE-2024-55956, CVE:CVE-2024-55953 | Log | Block | New Detection | |
| Cloudflare Managed Ruleset | 100705 | Sentry - SSRF | Log | Block | New Detection | |
| Cloudflare Managed Ruleset | 100706 | Apache Struts - Remote Code Execution - CVE:CVE-2024-53677 | Log | Block | New Detection | |
| Cloudflare Managed Ruleset | 100707 | FortiWLM - Remote Code Execution - CVE:CVE-2023-48782, CVE:CVE-2023-34993, CVE:CVE-2023-34990 | Log | Block | New Detection | |
| Cloudflare Managed Ruleset | 100007C_BETA | Command Injection - Common Attack Commands | Disabled |
WAF Release - 2025-01-06
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Specials | 100678 | Pandora FMS - Remote Code Execution - CVE:CVE-2024-11320 | Log | Block | New Detection | |
| Cloudflare Specials | 100679 | Palo Alto Networks - Remote Code Execution - CVE:CVE-2024-0012, CVE:CVE-2024-9474 | Log | Block | New Detection | |
| Cloudflare Specials | 100680 | Ivanti - Command Injection - CVE:CVE-2024-37397 | Log | Block | New Detection | |
| Cloudflare Specials | 100681 | Really Simple Security - Auth Bypass - CVE:CVE-2024-10924 | Log | Block | New Detection | |
| Cloudflare Specials | 100682 | Magento - XXE - CVE:CVE-2024-34102 | Log | Block | New Detection | |
| Cloudflare Specials | 100683 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51567 | Log | Block | New Detection | |
| Cloudflare Specials | 100684 | Microsoft SharePoint - Remote Code Execution - CVE:CVE-2024-38094, CVE:CVE-2024-38024, CVE:CVE-2024-38023 | Log | Block | New Detection | |
| Cloudflare Specials | 100685 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51568 | Log | Block | New Detection | |
| Cloudflare Specials | 100686 | Seeyon - Remote Code Execution | Log | Block | New Detection | |
| Cloudflare Specials | 100687 | WordPress - Remote Code Execution - CVE:CVE-2024-10781, CVE:CVE-2024-10542 | Log | Block | New Detection | |
| Cloudflare Specials | 100688 | ProjectSend - Remote Code Execution - CVE:CVE-2024-11680 | Log | Block | New Detection | |
| Cloudflare Specials | 100689 | Palo Alto GlobalProtect - Remote Code Execution - CVE:CVE-2024-5921 | Log | Block | New Detection | |
| Cloudflare Specials | 100690 | Ivanti - Remote Code Execution - CVE:CVE-2024-37404 | Log | Block | New Detection | |
| Cloudflare Specials | 100691 | Array Networks - Remote Code Execution - CVE:CVE-2023-28461 | Log | Block | New Detection | |
| Cloudflare Specials | 100692 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51378 | Log | Block | New Detection | |
| Cloudflare Specials | 100693 | Symfony Profiler - Auth Bypass - CVE:CVE-2024-50340 | Log | Block | New Detection | |
| Cloudflare Specials | 100694 | Citrix Virtual Apps - Remote Code Execution - CVE:CVE-2024-8069 | Log | Block | New Detection | |
| Cloudflare Specials | 100695 | MSMQ Service - Remote Code Execution - CVE:CVE-2023-21554 | Log | Block | New Detection | |
| Cloudflare Specials | 100696 | Nginxui - Remote Code Execution - CVE:CVE-2024-49368 | Log | Block | New Detection | |
| Cloudflare Specials | 100697 | Apache ShardingSphere - Remote Code Execution - CVE:CVE-2022-22733 | Log | Block | New Detection | |
| Cloudflare Specials | 100698 | Mitel MiCollab - Auth Bypass - CVE:CVE-2024-41713 | Log | Block | New Detection | |
| Cloudflare Specials | 100699 | Apache Solr - Auth Bypass - CVE:CVE-2024-45216 | Log | Block | New Detection |