Hey Yifan,
Thanks for your post.
I think this is one for our support team, so I recommend you raise a ticket on the support portal.
Our support team work closely with our threat research team on CVEs such as these so this feedback is really helpful.
Thanks,
------------------------------
Sarah Lamont(csp)
Digital Community Manager
------------------------------
Original Message:
Sent: 06-28-2022 10:36
From: Yifan Yuan
Subject: About CVE-2013-6227 policy related issues
Recently, when I was testing the policy, I was testing CVE-2013-6227, and I found that the strategy is not well written.
This policy is triggered when the URL includes "plugins/editor.zoho/agent/save_zoho.php", and for the parameter name "content" the Match Operation is "Does not Match Regular Expression" and the Value is "xls|xlsx|ods|sxc|csv|tsv|ppt|pps|odp|sxi|doc|docx|rtf|odt|sxw".
So I constructed a request that triggered it and it worked; it is intercepted intermediately by the WAF,
#AllImperva
#AttackAnalytics
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Yifan Yuan
SE
shenzhen
------------------------------