From 13ff58ff9a9fbefab47c7d4029a56d5b06232bcb Mon Sep 17 00:00:00 2001 From: Vaibhav Singhal Date: Mon, 14 Jul 2025 10:29:27 -0700 Subject: [PATCH 1/3] Release-Jul-14-2025 --- .../docs/waf/change-log/2025-07-14.mdx | 71 +++++++++++++++++++ .../docs/waf/change-log/scheduled-changes.mdx | 61 ++++++++++++---- src/content/release-notes/waf.yaml | 7 +- 3 files changed, 123 insertions(+), 16 deletions(-) create mode 100644 src/content/docs/waf/change-log/2025-07-14.mdx diff --git a/src/content/docs/waf/change-log/2025-07-14.mdx b/src/content/docs/waf/change-log/2025-07-14.mdx new file mode 100644 index 000000000000000..c891c6ce47f973b --- /dev/null +++ b/src/content/docs/waf/change-log/2025-07-14.mdx @@ -0,0 +1,71 @@ +--- +title: "2025-07-14" +type: table +pcx_content_type: release-notes +sidebar: + order: 783 +tableOfContents: false +--- + +import { RuleID } from "~/components"; + +This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambiguities. Attackers continue to refine techniques such as attribute overloading and obfuscated logic manipulation to evade detection and compromise front-end and back-end systems. + +**Key Findings** + +- XSS – Attribute Overloading: A novel cross-site scripting technique where attackers abuse custom or non-standard HTML attributes to smuggle payloads into the DOM. These payloads evade traditional sanitization logic, especially in frameworks that loosely validate attributes or trust unknown tokens. +- XSS – onToggle Event Abuse: Exploits the lesser-used onToggle event (triggered by elements like
) to execute arbitrary JavaScript when users interact with UI elements. This vector is often overlooked by static analyzers and can be embedded in seemingly benign components. +- SQLi – Obfuscated Boolean Logic: An advanced SQL injection variant that uses non-standard Boolean expressions, comment-based obfuscation, or alternate encodings (e.g., /*!true*/, AND/**/1=1) to bypass basic input validation and WAF signatures. This technique is particularly dangerous in dynamic query construction contexts. + +**Impact** + +These vulnerabilities target both user-facing components and backend databases, introducing potential vectors for credential theft, session hijacking, or full data exfiltration. The XSS variants bypass conventional filters through overlooked HTML behaviors, while the obfuscated SQLi enables attackers to stealthily probe backend logic, making them especially difficult to detect and block + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset + + 100798XSS - Attribute OverloadingLogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100799XSS - OnToggleLogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100800SQLi - Obfuscated BooleanLogBlockThis is a New Detection
\ No newline at end of file diff --git a/src/content/docs/waf/change-log/scheduled-changes.mdx b/src/content/docs/waf/change-log/scheduled-changes.mdx index fd72d381efc8f55..1ba4aeada5e6dff 100644 --- a/src/content/docs/waf/change-log/scheduled-changes.mdx +++ b/src/content/docs/waf/change-log/scheduled-changes.mdx @@ -25,36 +25,69 @@ import { RSSButton, RuleID } from "~/components"; - 2025-07-07 2025-07-14 + 2025-07-21 Log - 100798 + 100804 - + - XSS - Attribute Overloading + BerriAI - SSRF - CVE:CVE-2024-6587 This is a New Detection + + + 2025-07-14 + 2025-07-21 + Log + 100805 + + + + Wing FTP Server - Remote Code Execution - CVE:CVE-2025-47812 + This is a New Detection - 2025-07-07 - 2025-07-14 + 2025-07-14 + 2025-07-21 + Log + 100807 + + + + Infoblox NetMRI - Command Injection - CVE:CVE-2025-32813 + This is a New Detection + + + 2025-07-14 + 2025-07-21 Log - 100799 + 100808 - + - XSS - OnToggle + Citrix Netscaler ADC - Buffer Error - CVE:CVE-2025-5777 This is a New Detection - 2025-07-07 - 2025-07-14 + 2025-07-14 + 2025-07-21 + Log + 100809 + + + + Citrix Netscaler ADC - Information Disclosure - CVE:CVE-2023-4966 + This is a New Detection + + + 2025-07-14 + 2025-07-21 Log - 100800 + 100810 - + - SQLi - Obfuscated Boolean + Akamai CloudTest - XXE - CVE:CVE-2025-49493 This is a New Detection diff --git a/src/content/release-notes/waf.yaml b/src/content/release-notes/waf.yaml index f30ef88c1144194..3112371b6067a69 100644 --- a/src/content/release-notes/waf.yaml +++ b/src/content/release-notes/waf.yaml @@ -5,11 +5,14 @@ productLink: "/waf/" productArea: Application security productAreaLink: /fundamentals/reference/changelog/security/ entries: - - publish_date: "2025-07-07" - scheduled_date: "2025-07-14" + - publish_date: "2025-07-14" + scheduled_date: "2025-07-21" individual_page: true scheduled: true link: "/waf/change-log/scheduled-changes/" + - publish_date: "2025-07-14" + individual_page: true + link: "/waf/change-log/2025-07-14/" - publish_date: "2025-07-07" individual_page: true link: "/waf/change-log/2025-07-07/" From 3672ac087cd13c8e4e45722bd0a47c2860df1ba4 Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Mon, 14 Jul 2025 19:04:23 +0100 Subject: [PATCH 2/3] Apply suggestions from PCX review --- src/content/docs/waf/change-log/2025-07-14.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/waf/change-log/2025-07-14.mdx b/src/content/docs/waf/change-log/2025-07-14.mdx index c891c6ce47f973b..fc05db9074d09f0 100644 --- a/src/content/docs/waf/change-log/2025-07-14.mdx +++ b/src/content/docs/waf/change-log/2025-07-14.mdx @@ -15,11 +15,11 @@ This week’s vulnerability analysis highlights emerging web application threats - XSS – Attribute Overloading: A novel cross-site scripting technique where attackers abuse custom or non-standard HTML attributes to smuggle payloads into the DOM. These payloads evade traditional sanitization logic, especially in frameworks that loosely validate attributes or trust unknown tokens. - XSS – onToggle Event Abuse: Exploits the lesser-used onToggle event (triggered by elements like
) to execute arbitrary JavaScript when users interact with UI elements. This vector is often overlooked by static analyzers and can be embedded in seemingly benign components. -- SQLi – Obfuscated Boolean Logic: An advanced SQL injection variant that uses non-standard Boolean expressions, comment-based obfuscation, or alternate encodings (e.g., /*!true*/, AND/**/1=1) to bypass basic input validation and WAF signatures. This technique is particularly dangerous in dynamic query construction contexts. +- SQLi – Obfuscated Boolean Logic: An advanced SQL injection variant that uses non-standard Boolean expressions, comment-based obfuscation, or alternate encodings (for example, `/*!true*/`, `AND/**/1=1`) to bypass basic input validation and WAF signatures. This technique is particularly dangerous in dynamic query construction contexts. **Impact** -These vulnerabilities target both user-facing components and backend databases, introducing potential vectors for credential theft, session hijacking, or full data exfiltration. The XSS variants bypass conventional filters through overlooked HTML behaviors, while the obfuscated SQLi enables attackers to stealthily probe backend logic, making them especially difficult to detect and block +These vulnerabilities target both user-facing components and back-end databases, introducing potential vectors for credential theft, session hijacking, or full data exfiltration. The XSS variants bypass conventional filters through overlooked HTML behaviors, while the obfuscated SQLi enables attackers to stealthily probe back-end logic, making them especially difficult to detect and block. From 2ca4eb4fc2347bc34df22b7762a1b5ec7afbbf9b Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Mon, 14 Jul 2025 19:10:38 +0100 Subject: [PATCH 3/3] Fix build --- src/content/docs/waf/change-log/2025-07-14.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/waf/change-log/2025-07-14.mdx b/src/content/docs/waf/change-log/2025-07-14.mdx index fc05db9074d09f0..75b841739f17565 100644 --- a/src/content/docs/waf/change-log/2025-07-14.mdx +++ b/src/content/docs/waf/change-log/2025-07-14.mdx @@ -14,7 +14,7 @@ This week’s vulnerability analysis highlights emerging web application threats **Key Findings** - XSS – Attribute Overloading: A novel cross-site scripting technique where attackers abuse custom or non-standard HTML attributes to smuggle payloads into the DOM. These payloads evade traditional sanitization logic, especially in frameworks that loosely validate attributes or trust unknown tokens. -- XSS – onToggle Event Abuse: Exploits the lesser-used onToggle event (triggered by elements like
) to execute arbitrary JavaScript when users interact with UI elements. This vector is often overlooked by static analyzers and can be embedded in seemingly benign components. +- XSS – onToggle Event Abuse: Exploits the lesser-used onToggle event (triggered by elements like `
`) to execute arbitrary JavaScript when users interact with UI elements. This vector is often overlooked by static analyzers and can be embedded in seemingly benign components. - SQLi – Obfuscated Boolean Logic: An advanced SQL injection variant that uses non-standard Boolean expressions, comment-based obfuscation, or alternate encodings (for example, `/*!true*/`, `AND/**/1=1`) to bypass basic input validation and WAF signatures. This technique is particularly dangerous in dynamic query construction contexts. **Impact**