| 800114 |
Known-CVEs |
Attempted Apache Struts file upload exploitation - CVE-2023-50164 |
Log |
Enabled |
| 800115 |
Known-CVEs |
Attempted React2Shell remote code execution exploitation (CVE-2025-55182) |
AnomalyScoring |
Enabled |
| 920121 |
REQUEST-920-PROTOCOL-ENFORCEMENT |
Attempted multipart/form-data bypass |
AnomalyScoring |
Enabled |
| 920171 |
REQUEST-920-PROTOCOL-ENFORCEMENT |
GET or HEAD Request with Transfer-Encoding. |
AnomalyScoring |
Enabled |
| 920341 |
REQUEST-920-PROTOCOL-ENFORCEMENT |
Request containing content requires Content-Type header |
AnomalyScoring |
Enabled |
| 920470 |
REQUEST-920-PROTOCOL-ENFORCEMENT |
Illegal Content-Type header |
AnomalyScoring |
Enabled |
| 920480 |
REQUEST-920-PROTOCOL-ENFORCEMENT |
Restrict charset parameter within the content-type header |
AnomalyScoring |
Enabled |
| 932106 |
REQUEST-932-APPLICATION-ATTACK-RCE |
Remote Command Execution: Unix Command Injection |
AnomalyScoring |
Enabled |
| 932180 |
REQUEST-932-APPLICATION-ATTACK-RCE |
Restricted File Upload Attempt |
AnomalyScoring |
Enabled |
| 932190 |
REQUEST-932-APPLICATION-ATTACK-RCE |
Remote Command Execution: Wildcard bypass technique attempt |
AnomalyScoring |
Enabled |
| 933190 |
REQUEST-933-APPLICATION-ATTACK-PHP |
PHP Injection Attack: PHP Closing Tag Found |
AnomalyScoring |
Enabled |
| 941101 |
REQUEST-941-APPLICATION-ATTACK-XSS |
XSS Attack Detected via libinjection. |
AnomalyScoring |
Enabled |
| 942361 |
REQUEST-942-APPLICATION-ATTACK-SQLI |
Detects basic SQL injection based on keyword alter or union |
AnomalyScoring |
Enabled |
| 942470 |
REQUEST-942-APPLICATION-ATTACK-SQLI |
SQL Injection Attack |
AnomalyScoring |
Enabled |
| 942480 |
REQUEST-942-APPLICATION-ATTACK-SQLI |
SQL Injection Attack |
AnomalyScoring |
Enabled |
| 942490 |
REQUEST-942-APPLICATION-ATTACK-SQLI |
Detects classic SQL injection probings 3/3 |
AnomalyScoring |
Enabled |
| 944100 |
REQUEST-944-APPLICATION-ATTACK-JAVA |
Remote Command Execution: Apache Struts, Oracle WebLogic |
AnomalyScoring |
Enabled |
| 944110 |
REQUEST-944-APPLICATION-ATTACK-JAVA |
Detects potential payload execution |
AnomalyScoring |
Enabled |
| 944120 |
REQUEST-944-APPLICATION-ATTACK-JAVA |
Possible payload execution and remote command execution |
AnomalyScoring |
Enabled |
| 944130 |
REQUEST-944-APPLICATION-ATTACK-JAVA |
Suspicious Java classes |
AnomalyScoring |
Enabled |
| 944200 |
REQUEST-944-APPLICATION-ATTACK-JAVA |
Exploitation of Java deserialization Apache Commons |
AnomalyScoring |
Enabled |
| 944210 |
REQUEST-944-APPLICATION-ATTACK-JAVA |
Possible use of Java serialization |
AnomalyScoring |
Enabled |
| 944240 |
REQUEST-944-APPLICATION-ATTACK-JAVA |
Remote Command Execution: Java serialization |
AnomalyScoring |
Enabled |
| 944250 |
REQUEST-944-APPLICATION-ATTACK-JAVA |
Remote Command Execution: Suspicious Java method detected |
AnomalyScoring |
Enabled |