Oracle Cloud Infrastructure Documentation

Supported Protection Rules

The Oracle Cloud Infrastructure WAF service supports many protection rule types. The following list provides a brief explanation of the purpose of each protection rule type.

Protection Rules

Rule ID/Key Name Description

90001 Filter Profanity

Detects profanity used in request headers and body.

90002 United States Social Security Number Leakage

Detects leakage of US SSN in response body and headers.

90004 Executable File Upload Attempt

Detects attempts to upload executable files through input forms.

90005 Brazilian Social Security Number (CPF) Leakage Detects leakage of Brazilian CPF in response body and headers.
90006 Credit Card Leakage in Request: GSA SmartPay Detects GSA SmartPay credit card numbers in user input.
90007 Credit Card Leakage in Request: MasterCard Detects MasterCard credit card numbers in user input.
90008 Credit Card Leakage in Request: Visa Detects Visa credit card numbers in user input.
90009 Credit Card Leakage in Request: American Express Detects American Express credit card numbers in user input.
90010 Credit Card Leakage in Request: Diners Club Detects Diners Club credit card numbers in user input.
90011 Credit Card Leakage in Request: enRoute Detects enRoute credit card numbers in user input.
90012 Credit Card Leakage in Request: Discover Detects Discover credit card numbers in user input.
90013 Credit Card Leakage in Request: JCB Detects JCB credit card numbers in user input.
90014 Credit Card Leakage in Request: GSA SmartPay Detects GSA SmartPay credit card numbers sent from site to user.
90015 Credit Card Leakage in Request: MasterCard Detects MasterCard credit card numbers sent from site to user.
90016 Credit Card Leakage in Request: Visa Detects Visa credit card numbers sent from site to user.
90017 Credit Card Leakage in Request: American Express Detects American Express credit card numbers sent from site to user.
90018 Credit Card Leakage in Request: Diners Club Detects Diners Club credit card numbers sent from site to user.
90019 Credit Card Leakage in Request: enRoute Detects enRoute credit card numbers sent from site to user.
90020 Credit Card Leakage in Request: Discover Detects Discover credit card numbers sent from site to user.
90021 Credit Card Leakage in Request: JCB Detects JCB credit card numbers sent from site to user.
90022 Credit Card Track 1 Data Leakage Detects credit card track 1 data in the response body.
90023 Credit Card Track 2 Data Leakage Detects credit card track 2 data in the response body.
90024 Credit Card PAN Leakage Detects credit card primary account number in the response body.
90025 visitorTracker_isMob Malware Detection Detects and/or blocks visitorTracker_isMob malware.
120123 Joomla! Core CVE-2015-8562 Remote Code Execution Vulnerability Prevention Detects Joomla! Core CVE-2015-8562 Remote Code Execution Vulnerability payload.
120133 Canadian Social Identification Number (SIN) Leakage Detects leakage of Canadian SIN in response body and headers.
900032 HTTP Parameter Pollution (HPP) Detection Detects requests that have multiple arguments with the same name indicative of an HPP attack.
911100 Restrict HTTP Request Methods Allows only request methods specified by the configurable "Allowed http methods" parameter.
920100 Invalid HTTP Request Line Detects an invalid HTTP request line.
920280 Missing/Empty Host Header Detects a missing/empty host header.
920350 Invalid HTTP Request Line Detects invalid HTTP request lines.
941100 Cross-Site Scripting (XSS) Attempt: Libinjection - XSS Detection Detects XSS Libinjection attempt.
941101 Cross-Site Scripting (XSS) Attempt: SS Attack Detected via libinjection Detects an SS attack via libinjection.
941110 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1

Detects script tag-based XSS vectors, for example, <script> alert(1)</script>.

941120 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 2

Detects XSS vectors making use of event handlers like onerror, onload etc., for example, <body onload="alert(1)">.

941130 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 3 Detects XSS vectors making use of attribute vectors.
941140 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 4

Detects XSS vectors making use of javascript URI and tags, for example, <p style="background:url(javascript:alert(1))">.

941150 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 5 Detects HTML attributes - src, style, and href.
941160 Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters Detects NoScript InjectionChecker: HTML Injection.
941170 Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters Detects NoScript InjectionChecker: Attributes injection.
941180 Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator Detects Blacklist Keywords from Node-Validator.
941190 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941200 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941210 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941220 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941230 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941240 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941250 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941260 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941270 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941280 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941300 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941310 Cross-Site Scripting (XSS) Attempt: US-ASCII encoding bypass listed on XSS filter evasion

Cross-Site Scripting (XSS) Attempt: US-ASCII encoding bypass listed on XSS filter evasion

941320 Cross-Site Scripting (XSS) Attempt: HTML Tag Handler Cross-Site Scripting (XSS) Attempt: HTML Tag Handler
941330 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941340 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Detects XSS Filters from IE.
941350 Cross-Site Scripting (XSS) Attempt: UTF-7 encoding XSS filter evasion for IE Cross-Site Scripting (XSS) Attempt: UTF-7 encoding XSS filter evasion for IE.
950002 Common System Command Access Attempt Detects access attempts to common system commands, such as map, telnet, ftp, rcms, cmd.
950005 Common System Files Access Attempt Detects access attempts to common system files, such as access, passwd, group, global.asa, httpd.conf, boot.ini, /etc.
950006 Injection for Common System Commands Detects injections for common system commands such as telnet, map, blocalgroup, ftp, rcmd, echo, cmd, chmod, passwd, mail.
950007 Blind SQL Injection Detects common blind SQL injection attacks.
950009 Session Fixation

Detects Session Fixation, an attack technique that forces a user's session ID to an explicit value. Depending on the functionality of the target website, several techniques can be utilized to "fix" the session ID value. These techniques range from Cross-site Scripting exploits to peppering the website with previously made HTTP requests. After a user's session ID has been fixed, the attacker will wait for that user to log in. Once the user does so, the attacker uses the predefined session ID value to assume the same online identity.

950010 LDAP Injection Detects common LDAP data constructions injections.
950011 SSI Injection Detects common Server-Side-Include format data injections.
950012 HTTP Request Smuggling

Detects specially crafted requests that under certain circumstances could be seen by the attacked entities as two different sets of requests. This allows certain requests to be smuggled through to a second entity without the first one realizing it.

950018 UPDF XSS Injection Detects submitted links that contain the # fragment in a query_string.
950019 Email Injection

Detects mail command injections targeting mail servers and webmail applications that construct IMAP/SMTP statements from user-supplied input that is not properly sanitized.

950103 Path/Directory Traversal Detects path traversal attempts, also known as directory traversal or "../" attacks.
950107 URL Encodings Validation Detects URL encoding inconsistencies, encoding abuse, and invalid formatting.
950110 Trojan, Backdoor, and Webshell Access Attempts Detects when an attacker attempts to access a trojan, backdoor, or webshell web page.
950116 Unicode Encoding/Decoding Validation Blocks full-width Unicode encoding, as decoding evasions could be possible.
950117 URL Contains an IP Address Detects a common RFI attack, when a URL contains an IP address.
950118 PHP Include() Function Detects common RFI PHP include() function attacks.
950119 Data Ends with Question Mark(s) (?) Detects a common RFI attack, when data ends with question mark(s) (?).
950120 Host Doesn't Match Localhost Detects a common RFI attack, when host doesn't match localhost.
950801 UTF Encoding Validation Detects UTF encoding inconsistencies and invalid formatting.
950907 OS Command Injection

Detects OS command injection in an application to elevate privileges, execute arbitrary commands, compromise the underlying operating system and install malicious toolkits such as those to participate in botnet attacks.

950910 HTTP Response Splitting

Detects Carriage Return + Linefeed characters in the response header that could cause attacked entities to interpret it as two separate responses instead of one.

958000 Addimport XSS Attack Detects usage of addimport in request, cookies, or arguments.
958001 document Cookie XSS Attack Detects usage of document.cookie in request, cookies, or arguments.
958002 execscript XSS Attack Detects usage of execscript in request, cookies, or arguments.
958003 fromcharcode XSS Attack Detects usage of fromcharcode in request, cookies, or arguments.
958004 innerhtml XSS Attack Detects usage of innerhtml in request, cookies, or arguments.
958005 cdata XSS Attack Detects usage of cdata in request, cookies, or arguments.
958006 body background XSS Attack Detects usage of <body background in request, cookies, or arguments.
958007 onload XSS Attack Detects usage of onload in request, cookies, or arguments.
958008 input type image XSS Attack Detects usage of <input type image in request, cookies, or arguments.
958009 import XSS Attack Detects usage of import in request, cookies, or arguments.
958010 activexobject XSS Attack Detects usage of activexobject in request, cookies, or arguments.
958011 background-image: XSS Attack Detects usage of background-image: in request, cookies, or arguments.
958012 copyparentfolder XSS Attack Detects usage of copyparentfolder in request, cookies, or arguments.
958013 createtextrange XSS Attack Detects usage of createtextrange in request, cookies, or arguments.
958016 getparentfolder XSS Attack Detects usage of getparentfolder in request, cookies, or arguments.
958017 getspecialfolder XSS Attack Detects usage of getspecialfolder in request, cookies, or arguments.
958018 href javascript: XSS Attack Detects usage of href javascript: in request, cookies, or arguments.
958019 href schell XSS Attack Detects usage of href schell in request, cookies, or arguments.
958020 href vbscript: XSS Attack Detects usage of href vbscript: in request, cookies, or arguments.
958022 livescript: XSS Attack Detects usage of livescript: in request, cookies, or arguments.
958023 lowsrc javascript: XSS Attack Detects usage of lowsrc javascript: in request, cookies, or arguments.
958024 lowsrc shell XSS Attack Detects usage of lowsrc shell in request, cookies, or arguments.
958025 lowsrc vbscript XSS Attack Detects usage of lowsrc vbscript in request, cookies, or arguments.
958026 mocha: XSS Attack Detects usage of mocha: in request, cookies, or arguments.
958027 onabort XSS Attack Detects usage of onabort in request, cookies, or arguments.
958028 settimeout XSS Attack Detects usage of settimeout in request, cookies, or arguments.
958030 src http: XSS Attack Detects usage of src http: in request, cookies, or arguments.
958031 javascript: XSS Attack Detects usage of javascript: in request, cookies, or arguments.
958032 src and shell XSS Attack Detects usage of src and shell in request, cookies, or arguments.
958033 vbscript: XSS Attack Detects usage of vbscript: in request, cookies, or arguments.
958034 style bexpression XSS Attack Detects usage of style bexpression in request, cookies, or arguments.
958036 type application x-javascript XSS Attack Detects usage of type application x-javascript in request, cookies, or arguments.
958037 type application x-vbscript XSS Attack Detects usage of type application x-vbscript in request, cookies, or arguments.
958038 type text ecmascript XSS Attack Detects usage of type text ecmascript in request, cookies, or arguments.
958039 type text javascript XSS Attack Detects usage of type text javascript in request, cookies, or arguments.
958040 type text jscript XSS Attack Detects usage of type text jscript in request, cookies, or arguments.
958041 type text vbscript XSS Attack Detects usage of type text vbscript in request, cookies, or arguments.
958045 url javascript: XSS Attack Detects usage of url javascript: in request, cookies, or arguments.
958046 url shell XSS Attack Detects usage of <url shell in request, cookies, or arguments.
958047 url vbscript: XSS Attack Detects usage of url vbscript: in request, cookies, or arguments.
958049 ?meta XSS Attack Detects usage of ?meta in request, cookies, or arguments.
958051 ?script XSS Attack Detects usage of < ?script in request, cookies, or arguments.
958052 alert XSS Attack Detects usage of alert in request, cookies, or arguments.
958054 lowsrc and http: XSS Attack Detects usage of lowsrc and http: in request, cookies, or arguments.
958056 iframe src XSS Attack Detects usage of iframe src in request, cookies, or arguments.
958057 ?iframe XSS Attack Detects usage of ?iframe in request, cookies, or arguments.
958059 asfunction: XSS Attack Detects usage of asfunction: in request, cookies, or arguments.
958291 Range Header Validation Detects range header inconsistencies and invalid formatting.
958295 Connection Header Validation Detects connection header inconsistencies and invalid formatting.
958404 onerror XSS Attack Detects usage of onerror in request, cookies, or arguments.
958405 onblur XSS Attack Detects usage of onblur in request, cookies, or arguments.
958406 onchange XSS Attack Detects usage of onchange in request, cookies, or arguments.
958407 onclick XSS Attack Detects usage of onclick in request, cookies, or arguments.
958408 ondragdrop XSS Attack Detects usage of ondragdrop in request, cookies, or arguments.
958409 onfocus XSS Attack Detects usage of onfocus in request, cookies, or arguments.
958410 onkeydown XSS Attack Detects usage of onkeydown in request, cookies, or arguments.
958411 onkeypress XSS Attack Detects usage of onkeypress in request, cookies, or arguments.
958412 onkeyup XSS Attack Detects usage of onkeyup in request, cookies, or arguments.
958413 onload XSS Attack Detects usage of onload in request, cookies, or arguments.
958414 onmousedown XSS Attack Detects usage of onmousedown in request, cookies, or arguments.
958415 onmousemove XSS Attack Detects usage of onmousemove in request, cookies, or arguments.
958416 bonmouseout XSS Attack Detects usage of bonmouseout in request, cookies, or arguments.
958417 bonmouseover XSS Attack Detects usage of bonmouseover in request, cookies, or arguments.
958418 onmouseup XSS Attack Detects usage of onmouseup in request, cookies, or arguments.
958419 onmove XSS Attack Detects usage of onmove in request, cookies, or arguments.
958420 onresize XSS Attack Detects usage of onresize in request, cookies, or arguments.
958421 onselect XSS Attack Detects usage of onselect in request, cookies, or arguments.
958422 onsubmit XSS Attack Detects usage of onsubmit in request, cookies, or arguments.
958423 onunload XSS Attack Detects usage of onunload in request, cookies, or arguments.
959151 php Code Injection Detects a common injection attack, when the request contains any PHP code, e.g. "<\?>".
960000 File Name Validation Detects multipart/form-data file name evasion attempts.
960007 Missing Host Header Detects missing request host header.
960009 Missing User-Agent Header Detects missing request user-agent header.
960011 GET/HEAD Requests Validation Detects if GET/HEAD requests contain a request body, since that is not common practice.
960012 Content-Length Header Validation Detects if content-length header is provided with every POST request.
960013 Require Content-Length to be provided with every HTTP/1.1 POST request that has no Transfer-Encoding header Detects HTTP/1.1 requests that do not comply with HTTP 1.1 spec by having no content-length header when transfer-encoding is also absent.
960014 URI Validation Ensures that URI and canonical server name are matching.
960015 Missing Accept Header Detects missing request accept header.
960016 Content-Length Header Validation Detects if content-length HTTP header is not numeric.
960017 Host Header Is IP Address

Detects if host header is a numeric IP address as it could be indicative of automated client access.

960020 Pragma Header Validation

Ensures that pragma, cache-control headers and HTTP protocol version supplied by the client are matching.

960022 Expect Header Validation

Ensures that expect header and HTTP protocol version supplied by the client are matching.

960024 Repetitive Non-Word Chars

Attempts to identify when 4 or more non-word characters are repeated in sequence.

960208 Values Limits

Detects HTTP requests with value length exceeding the configurable "Max length of argument" parameter.

960209 Arguments Limits Detects HTTP requests with argument name length exceeding 100 symbols.
960335 Number of Arguments Limits

Detects HTTP requests with number of arguments exceeding the configurable "Max amount of arguments" value.

960341 Total Arguments Limits

Detects HTTP requests with total length of all arguments exceeding the configurable "Max total argument length" parameter.

960901 Character Set Validation Ensures that only a specific character set(s) is used.
960902 Content-Encoding Header Validation Ensures that identity is not specified in content-encoding header.
960904 Missing Content-Type Header

Detects missing content-type header or if combination of content-length and content-type headers is invalid.

960911 Request Line Format Validation Against the HTTP RFC

Uses rule negation against the regex for positive security. The regex specifies the proper construction of URI request lines such as: "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]. It also outlines proper construction for CONNECT, OPTIONS, and GET requests.

960912 Malformed request bodies Checks for request body parsing errors.
960914 Strict Multipart Parsing Checks

Uses strict checks for what is accepted in the multipart/form-data request body. If the rule proves to be too strict for your environment, consider changing it to Off.

960915 Multipart Unmatched Boundary Check Checks for signs of evasions during file upload requests.
970002 Statistics Pages Information Leakage Detects statistics pages information leakage.
970003 SQL Errors Information Leakage Detects SQL errors information leakage.
970004 IIS Errors Information Leakage Detects IIS errors information leakage.
970007 Zope Information Leakage Detects Zope information leakage.
970008 ColdFusion Information Leakage Detects ColdFusion information leakage.
970009 PHP Information Leakage Detects PHP information leakage.
970010 ISA Server Existence Revealed Detects if ISA server existence is revealed.
970011 File and/or Directory Names Leakage Detects file and/or directory names leakage.
970012 MS Office Document Properties Leakage Detects MS Office document properties leakage.
970013 Directory Listing Information Leakage Detects directory listing information leakage.
970014 ASP/JSP Source Code Leakage Detects ASP/JSP source code leakage.
970015 PHP Source Code Leakage Detects PHP source code leakage.
970016 ColdFusion Source Code Leakage Detects ColdFusion source code leakage.
970018 IIS Default Location Revealed Detects if IIS default location is revealed.
970021 Weblogic Information Leakage Detects Weblogic information leakage.
970118 Microsoft OLE DB Provider Error Page Leakage Detects Microsoft OLE DB Provider for SQL Server error page.
970901 5XX Status Code Information Leakage

Detects if an application generates a 500-level status code. For example, 500 Internal Server Error, 501 Not Implemented...505 HTTP Version Not Supported.

973300 Common Direct HTML Injection Detects tags that are the most common direct HTML injection points.
973306 Embedded JavaScript in Style Attribute Detects embedded JavaScript in style attribute.
973307 Embedded Scripts Within JavaScript Fragments

Detects common JavaScript fragments like fromcharcode, alert, eval that can be used for attacks.

973309 CSS Fragments Attacks

Detects common CSS fragments attacks like <div style="background-image: url(javascript:...)"> or <img style="x:expression(document.write(1))">.

973310 Embedded Scripts Within Alert Fragments Detects attacks like alert('xss'), alert("xss"), alert(/xss/).
973311 String.fromCharCode(88,83,83) attacks Detects String.fromCharCode(88,83,83) attacks.
973312 '';!--"<XSS>=&{()} Attacks Detects '';!--"<XSS>=&{()} attacks.
973313 &{alert('xss')} Attacks Detects &{alert('xss')} attacks.
973314 Doctype Entity Inject Detects Doctype Entity inject attacks.
973331 Internet Explorer XSS Filters Detects common IE XSS attacks.
973336 Embedding Scripts Within Scripts

Detects script tag-based XSS vectors. For example, <script> alert(1)</script>.

973337 Embedded Scripts Within Event Handlers

Detects event handler based XSS vectors. For example, <body onload="alert(1)">.

973338 Embedded Scripts Within URI Schemes

Detects "data", "javascript", "src" or other URI schemes/attributes based XSS vectors. For example, <p style="background:url(javascript:alert(1))">.

981004 Potential Obfuscated Javascript, fromCharCode Detects excessive fromCharCode JavaScript in output.
981005 Potential Obfuscated Javascript, Eval+Unescape Detects potential Eval+Unescape in response.
981006 Potential Obfuscated Javascript, Unescape Detects potential Unescape in response.
981007 Potential Obfuscated Javascript, Heap Spray Detects potential Heap Spray in response.
981136 Generic XSS Attacks

Detects common XSS attacks embedded within non-script elements. For example, jscript onsubmit copyparentfolder document javascript meta onchange onmove onkeydown onkeyup activexobject onerror onmouseup ecmascript bexpression onmouseover vbscript.

981172 SQL Character Anomaly Scoring

Attempts to gauge when there is an excessive use of meta-characters within a single parameter payload.

981177 IFrame Injection

Detects iframe injections that could execute malicious code to steal data, redirect to malware infected sites, load malware, etc.

981227 Request URI Validation Detects invalid URI in request.
981242 Classic SQL Injection Probings Detects classic SQL injection probings.
981244 SQL Authentication Bypass Attempts Detects basic SQL authentication bypass attempts.
981245 SQL Authentication Bypass Attempts Detects basic SQL authentication bypass attempts.
981246 SQL Authentication Bypass Attempts Detects basic SQL authentication bypass attempts.
981272 SQL Injection Using sleep() or benchmark()

Detects blind SQL injection tests using sleep() or benchmark() functions.

981300 SQL Keyword Anomaly Scoring Detects common SQL keywords anomalies.
981318 String Termination/Statement Ending Identifies common initial SQLi probing requests where attackers insert/append quote characters to the existing normal payload to see how the app/db responds.
1000000 Shellshock Exploit Attempt

Detects the ability to unintentionally execute commands in Bash (CVE-2014-6271).

2017100 Apache Struts 2 Multipart Parser CVE-2017-5638 Remote Code Execution Vulnerability Prevention

Detects Apache Jakarta CVE-2017-5638 Remote Code Execution Vulnerability Payload.

2018100 CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS

Detects WordPress parameter resource consumption remote DoS on jquery-ui-core.

2100019 /_layouts/scriptresx.ashx sections Parameter XSS

Detects Microsoft SharePoint /_layouts/scriptresx.ashx sections parameter XSS attacks.

2100023 /owssrv.dll List Parameter XSS Detects Microsoft SharePoint /owssrv.dll List Parameter XSS attacks.
2100026 _layouts/Chart/WebUI/WizardList.aspx skey Parameter XSS

Detects Microsoft SharePoint _layouts/Chart/WebUI/WizardList.aspx skey Parameter XSS attacks.

2100027 _layouts/themeweb.aspx XSS

Detects Microsoft SharePoint _layouts/themeweb.aspx ctl00$PlaceHolderMain$ctl82$customizeThemeSection$accent6 Parameter XSS attacks.

2100028 _layouts/inplview.aspx ListViewPageUrl Parameter XSS

Detects Microsoft SharePoint _layouts/inplview.aspx ListViewPageUrl Parameter XSS attacks.

2100032 owssrv.dll View Parameter XSS Detects Microsoft SharePoint owssrv.dll View Parameter XSS attacks.
2100033 NewForm.aspx TextField_spSave Parameter XSS

Detects Microsoft SharePoint NewForm.aspx TextField_spSave Parameter XSS attacks.

2100034 /Lists/Calendar/calendar.aspx CalendarDate Parameter XSS

Detects Microsoft SharePoint /Lists/Calendar/calendar.aspx CalendarDate Parameter XSS attacks.

2100035 _layouts/Picker.aspx XSS

Detects Microsoft SharePoint _layouts/Picker.aspx ctl00$PlaceHolderDialogBodySection$ctl04$hiddenSpanData Parameter XSS attacks.

2100048 _layouts/help.aspx cid0 Parameter XSS

Detects Microsoft SharePoint _layouts/help.aspx cid0 Parameter XSS attacks.

2100062 _layouts/ScriptResx.ashx name Parameter LFI Detects Microsoft SharePoint _layouts/ScriptResx.ashx name Parameter LFI attacks.
2100063 _layouts/OSSSearchResults.aspx k Parameter XSS

Detects Microsoft SharePoint _layouts/OSSSearchResults.aspx k Parameter XSS attacks.

2100069 wiki pages multiple Parameter XSS Detects Microsoft SharePoint wiki pages multiple Parameter XSS (CVE-2013-3180) attacks.
2100070 /Lists/Links/AllItems.aspx XSS

Detects Microsoft SharePoint /Lists/Links/AllItems.aspx ctl00$m$g_2085a732_4692_4d3e_99d2_4d90ea5108d2$ctl00$ctl05$ctl00$ctl00$ctl00$ctl04$ctl00$ctl00$UrlFieldUrl Parameter XSS attacks.

2100082 Drupal - pre-auth SQL Injection Vulnerability

Detects Drupal pre-auth SQL injection vulnerability. A malicious user can inject arbitrary SQL queries and thereby control the complete Drupal site. This leads to code execution as well. Drupal 7.32 fixed this bug.

2100083 Gerber WebPDM XSS Vulnerability

Detects cross-site scripting vulnerability in Gerber WebPDM Product Data Management System.

2100084 Gerber WebPDM SQL Injection Vulnerability Detects SQL Injection Vulnerability in Gerber WebPDM Product Data Management System.
2100085 High X-SharePointHealthScore

Detects Microsoft SharePoint High X-SharePointHealthScore - potential DoS attack/availability risk.

2100086 Response Header Found Detects Microsoft SharePoint SharePointError Response Header Found.
2100087 x-virus-infected Response Header Found Detects x-virus-infected Response Header Found.
2100088 Rights Management (IRM) Error Response Header Found

Detects Microsoft SharePoint Information Rights Management (IRM) Error Response Header Found.

2100089 /_layouts/mobile/editform.aspx XSS

Detects Microsoft SharePoint /_layouts/mobile/editform.aspx XSS attacks.

2100090 Microsoft OWA X-OWA-Error Response Header Found Detects Microsoft OWA X-OWA-Error Response Header Found.
2200924 IRC Botnet Attacks Detects common IRC Botnet attack commands.
2200925 Detects HOIC DoS Tool Requests Detects HOIC DoS tool requests.
2250117 Common RFI Attacks Detects common types of Remote File Inclusion (RFI) attacks.
2250120 Local File Inclusion Attacks

Detects common local file inclusion attacks like my $dir = "../../../../../../../../../../../../../"; or "http://".$site.$bug.$dir."/proc/self/environ%0000";.

2250121 Local File Inclusion ENV Attack in User-Agent Detects Local File Inclusion ENV Attack in User-Agent.
2250122 PHP Injection Attack

Detects common php injection attacks like "send-contactus=1&author_name=[php]eval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D"

2250123 XML-RPC PHP Injection Attack

Detects common XML-RPC PHP Injections like $exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";

2250125 osCommerce File Upload

Detects osCommerce file upload attacks like "http://".$site."admin/file_manager.php/login.php";.

2250126 Oscommerce File Disclosure and Admin ByPass Detects Oscommerce File Disclosure and Admin ByPass.
2250127 e107 Plugin my_gallery Exploit

Detects e107 Plugin my_gallery Exploit "http://".$site."e107_plugins/my_gallery/image.php?file=../../e107_config.php".

2250128 Opencart Remote File Upload Vulnerability Detects Opencart remote file upload vulnerability.
2250129 Zen Cart Local File Disclosure Vulnerability Detects Zen Cart local file disclosure vulnerability.
20182056 CVE-2003-1567 CVE-2004-2320 CVE-2010-0360 TRACE & CONNECT Attempts Detects TRACE method attempts.
201821375 CVE-2012-0209, Remote Execution Backdoor Attempt Against Horde Detects remote execution backdoor attempt against Horde.
201821438 CVE-2012-1723, CVE-2012-1889, CVE-2012-4681, Blackhole Exploit Kit JavaScript Carat String Splitting with Hostile Applet

Detects Blackhole exploit kit JavaScript carat string splitting with hostile applet.

201822063 CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336, PHP-CGI Remote File Include Attempt

Detects PHP-CGI remote file include attempts.

201826834 CVE-2012-4681, CVE-2012-5076, CVE-2013-2423, Sweet Orange Exploit Kit Landing Page in.php base64 uri

Detects Sweet Orange exploit kit landing page in.php base64 uri attacks.

201826947 CVE-2013-2423, DotkaChef/Rmayana/DotCache Exploit Kit Inbound Java Exploit Download

Detects DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download attacks.

201826948 CVE-2013-1493, DotkaChef/Rmayana/DotCache Exploit Kit Inbound Java Exploit Download

Detects DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download attacks.

201827040 CVE-2013-0422, CVE-2013-2423, Styx Exploit Kit Plugin Detection Connection Jorg

Detects Styx exploit kit plugin detection connection jorg attacks.

201841409 CVE-2017-3823, CVE-2017-6753, Cisco WebEx Explicit Use of Web Plugin

Detects Cisco WebEx explicit use of web plug-in.

201843811 CVE-2017-9812, Kaspersky Linux File Server WMC Directory Traversal Attempt

Detects Kaspersky Linux file server WMC directory traversal attempts.