Skip to content

App Gateway - OWASP Changelog: 3.0 → 3.1

Generated: 05 July 2026 | Base: 3.0 | Target: 3.1

Summary: 24 added · 1 removed · 1 changed

Added Rules

Rule ID Rule Group Name Description Action State
800114 Known-CVEs Attempted Apache Struts file upload exploitation - CVE-2023-50164 Log Enabled
800115 Known-CVEs Attempted React2Shell remote code execution exploitation (CVE-2025-55182) AnomalyScoring Enabled
920121 REQUEST-920-PROTOCOL-ENFORCEMENT Attempted multipart/form-data bypass AnomalyScoring Enabled
920171 REQUEST-920-PROTOCOL-ENFORCEMENT GET or HEAD Request with Transfer-Encoding. AnomalyScoring Enabled
920341 REQUEST-920-PROTOCOL-ENFORCEMENT Request containing content requires Content-Type header AnomalyScoring Enabled
920470 REQUEST-920-PROTOCOL-ENFORCEMENT Illegal Content-Type header AnomalyScoring Enabled
920480 REQUEST-920-PROTOCOL-ENFORCEMENT Restrict charset parameter within the content-type header AnomalyScoring Enabled
932106 REQUEST-932-APPLICATION-ATTACK-RCE Remote Command Execution: Unix Command Injection AnomalyScoring Enabled
932180 REQUEST-932-APPLICATION-ATTACK-RCE Restricted File Upload Attempt AnomalyScoring Enabled
932190 REQUEST-932-APPLICATION-ATTACK-RCE Remote Command Execution: Wildcard bypass technique attempt AnomalyScoring Enabled
933190 REQUEST-933-APPLICATION-ATTACK-PHP PHP Injection Attack: PHP Closing Tag Found AnomalyScoring Enabled
941101 REQUEST-941-APPLICATION-ATTACK-XSS XSS Attack Detected via libinjection. AnomalyScoring Enabled
942361 REQUEST-942-APPLICATION-ATTACK-SQLI Detects basic SQL injection based on keyword alter or union AnomalyScoring Enabled
942470 REQUEST-942-APPLICATION-ATTACK-SQLI SQL Injection Attack AnomalyScoring Enabled
942480 REQUEST-942-APPLICATION-ATTACK-SQLI SQL Injection Attack AnomalyScoring Enabled
942490 REQUEST-942-APPLICATION-ATTACK-SQLI Detects classic SQL injection probings 3/3 AnomalyScoring Enabled
944100 REQUEST-944-APPLICATION-ATTACK-JAVA Remote Command Execution: Apache Struts, Oracle WebLogic AnomalyScoring Enabled
944110 REQUEST-944-APPLICATION-ATTACK-JAVA Detects potential payload execution AnomalyScoring Enabled
944120 REQUEST-944-APPLICATION-ATTACK-JAVA Possible payload execution and remote command execution AnomalyScoring Enabled
944130 REQUEST-944-APPLICATION-ATTACK-JAVA Suspicious Java classes AnomalyScoring Enabled
944200 REQUEST-944-APPLICATION-ATTACK-JAVA Exploitation of Java deserialization Apache Commons AnomalyScoring Enabled
944210 REQUEST-944-APPLICATION-ATTACK-JAVA Possible use of Java serialization AnomalyScoring Enabled
944240 REQUEST-944-APPLICATION-ATTACK-JAVA Remote Command Execution: Java serialization AnomalyScoring Enabled
944250 REQUEST-944-APPLICATION-ATTACK-JAVA Remote Command Execution: Suspicious Java method detected AnomalyScoring Enabled

Removed Rules

Rule ID Rule Group Name Description Action State
921100 REQUEST-921-PROTOCOL-ATTACK HTTP Request Smuggling Attack. AnomalyScoring Enabled

Changed Rules

Rule ID Rule Group Field Before After
932130 REQUEST-932-APPLICATION-ATTACK-RCE Description Remote Command Execution: Unix Shell Expression Found Remote Command Execution: Unix Shell Expression or Confluence Vulnerability (CVE-2022-26134) Found