--- title: Historical (2023) description: Changes to WAF managed rulesets done in 2023. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/waf/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Historical (2023) | Ruleset | Rule ID | Legacy Rule ID | Description | Change Date | Old Action | New Action | | ------------------- | ------------ | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | ---------- | ---------- | | Cloudflare Specials | ...1bc977d1 | N/A | DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892, CVE:CVE-2022-31474 | 2023-12-18 | N/A | Block | | Cloudflare Specials | ...bb6d4e13 | 100615 | Apache Struts - Remote Code Execution - CVE:CVE-2023-50164 | Emergency, 2023-12-14 | N/A | Block | | Cloudflare Specials | ...8ed2b1d9 | 100611 | WordPress:Plugin:WooCommerce - Unauthorized Administrator Access - CVE:CVE-2023-28121 | 2023-11-21 | N/A | Block | | Cloudflare Specials | ...c3b6a372 | 100593 | Adobe ColdFusion - Auth Bypass, Remote Code Execution - CVE:CVE-2023-29298, CVE:CVE-2023-38203, CVE:CVE-2023-26360 | 2023-11-21 | N/A | Block | | Cloudflare Specials | ...c54e7046 | 100614 | Atlassian Confluence - Code Injection - CVE:CVE-2023-22518 | Emergency, 2023-11-06 | N/A | Block | | Cloudflare Specials | ...d59a59db | 100609 | Keycloak - SSRF - CVE:CVE-2020-10770 | 2023-10-30 | N/A | Block | | Cloudflare Specials | ...3e3f706d | 100606 | JetBrains TeamCity - Auth Bypass, Remote Code Execution - CVE:CVE-2023-42793 | 2023-10-23 | N/A | Block | | Cloudflare Specials | ...469c4a38 | 100607 | Progress WS\_FTP - Information Disclosure - CVE:CVE-2023-40044 | 2023-10-23 | N/A | Block | | Cloudflare Specials | ...7ccccdce | 100608 | Progress WS\_FTP - Remote Code Execution - CVE:CVE-2023-40044 | 2023-10-23 | N/A | Block | | Cloudflare Specials | ...ec9f34e1 | 100604 | Atlassian Confluence - Privilege Escalation - CVE:CVE-2023-22515.Also released for Cloudflare Free customers, with rule ID ...91935fcb (updated detection logic). | Emergency, 2023-10-11 | N/A | Block | | Cloudflare Specials | ...ec9f34e1 | 100604,100605 | Atlassian Confluence - Privilege Escalation - CVE:CVE-2023-22515.Also released for Cloudflare Free customers, with rule ID ...91935fcb. | Emergency, 2023-10-04 | N/A | Block | | Cloudflare Specials | ...34780914 | 100532 | Vulnerability scanner activity | 2023-10-02 | N/A | Block | | Cloudflare Specials | ...066c0c9a | 100602 | Code Injection - CVE:CVE-2023-36845 | Emergency, 2023-09-22 | N/A | Block | | Cloudflare Specials | ...0746d000 | 100603 | Information Disclosure - CVE:CVE-2023-28432 | Emergency, 2023-09-22 | N/A | Block | | Cloudflare Specials | ...25ba9d7c | N/A | SSRF Cloud | 2023-09-18 | N/A | Disabled | | Cloudflare Specials | ...c5f041ac | 100597 | Information Disclosure - Path Normalization | 2023-09-04 | Log | Block | | Cloudflare Specials | ...50cec478 | 100598 | Remote Code Execution - Common Bash Bypass | 2023-09-04 | Log | Block | | Cloudflare Specials | ...ec5b0d04 | 100599 | Ivanti - Auth Bypass - CVE:CVE-2023-38035 | 2023-09-04 | Log | Block | | Cloudflare Specials | ...6912c055 | 100601 | Malware - Polymorphic Encoder | 2023-09-04 | Log | Block | | Cloudflare Specials | ...8242627b | 100146B | SSRF Local BETA | 2023-09-04 | Log | Disabled | | Cloudflare Specials | ...84dadf5a | 100595 | MobileIron - Auth Bypass - CVE:CVE-2023-35082 | 2023-08-21 | Log | Block | | Cloudflare Specials | ...48a60154 | N/A | SQLi - Keyword + SubExpress + Comment + BETA | 2023-08-21 | N/A | Disabled | | Cloudflare Specials | ...cac42ce2 | 100596 | Citrix Content Collaboration ShareFile - Remote Code Execution - CVE:CVE-2023-24489 | Emergency, 2023-08-17 | N/A | Block | | Cloudflare Specials | ...c3b6a372 | 100593 | Adobe ColdFusion - Auth Bypass, Remote Code Execution - CVE:CVE-2023-29298, CVE:CVE-2023-38203, CVE:CVE-2023-26360 | 2023-08-07 | N/A | Block | | Cloudflare Specials | ...63d65c25 | 100594 | Citrix Netscaler ADC - Remote Code Execution - CVE:CVE-2023-3519 | 2023-08-07 | Log | Block | | Cloudflare Specials | ...63d65c25 | 100594 | Citrix Netscaler ADC - Remote Code Execution - CVE:CVE-2023-3519 | Emergency, 2023-08-01 | N/A | Log | | Cloudflare Specials | ...777f5c34 | 100590 | Fortigate VPN - Remote Code Execution - CVE:CVE-2023-27997 | 2023-07-31 | N/A | Block | | Cloudflare Specials | ...0bd669ca | 100592 | Code Injection - Generic | 2023-07-31 | N/A | Block | | OWASP Rules | ...af347fde | N/A | 944100: Remote Command Execution: Suspicious Java class detected | 2023-07-10 | N/A | Block | | OWASP Rules | ...9fae472b | N/A | 944110: Remote Command Execution: Java process spawn (CVE-2017-9805) | 2023-07-10 | N/A | Block | | OWASP Rules | ...5ab75703 | N/A | 944120: Remote Command Execution: Java serialization (CVE-2015-4852) | 2023-07-10 | N/A | Block | | OWASP Rules | ...73cd4e53 | N/A | 944210: Magic bytes Detected Base64 Encoded, probable Java serialization in use | 2023-07-10 | N/A | Block | | OWASP Rules | ...e068f5d3 | N/A | 944300: Base64 encoded string matched suspicious keyword | 2023-07-10 | N/A | Block | | Cloudflare Specials | ...6f9bfc13 | 100590 | VMware - Remote Code Execution - CVE:CVE-2023-20887 | 2023-07-05 | N/A | Block | | Cloudflare Specials | ...fb982fd6 | 100008G | SQLi - Libinject with Body Inspection | 2023-07-05 | N/A | Disabled | | Cloudflare Specials | ...7bc0259f | 100008NS | Command Injection - Netcat - Body | 2023-07-05 | N/A | Disabled | | Cloudflare Specials | ...8559ddfa | 100589 | File Inclusion - WEB-INF | 2023-06-19 | N/A | Block | | Cloudflare Specials | ...269024be | 100587 | Code Injection - CVE:CVE-2019-18889 | 2023-06-19 | N/A | Block | | Cloudflare Specials | ...6f9bfc13 | 100590 | VMware - Remote Code Execution - CVE:CVE-2023-20887 | Emergency, 2023-06-14 | N/A | Block | | Cloudflare Specials | ...269024be | 100587 | Code Injection - CVE:CVE-2022-23529 | 2023-06-12 | N/A | Block | | Cloudflare Specials | ...3ff033f6 | 100588 | MoveIT - SSRF | Emergency, 2023-06-09 | N/A | Block | | Cloudflare Specials | ...dae05f0a | 100583 | Sophos - Code Injection - CVE:CVE-2023-1671 | 2023-05-22 | N/A | Block | | Cloudflare Specials | ...dd1b7502 | 100584 | Oracle Opera - Code Injection - CVE:CVE-2023-21932 | 2023-05-22 | N/A | Disabled | | Cloudflare Specials | ...18585d20 | 100582 | vBulletin - Code Injection - CVE:CVE-2023-25135 | 2023-05-02 | N/A | Block | | Cloudflare Specials | ...49e6b538 | 100534 | Webshell Activity | 2023-05-02 | N/A | Block | | Cloudflare Specials | ...8b036974 | 100558 | Malware, Web Shell | 2023-05-02 | N/A | Log | | Cloudflare Specials | ...dfc9b843 | 100580 | XSS - Error handling | 2023-04-11 | N/A | Block | | Cloudflare Specials | ...2f26b3a7 | 100581 | Joomla - Information Disclosure - CVE:CVE-2023-23752 | 2023-04-11 | N/A | Block | | Cloudflare Specials | ...602dabe0 | N/A | XSS - JavaScript Events | 2023-04-11 | N/A | Block | | Cloudflare Specials | N/A | 100546 | XSS - HTML Encoding | 2023-04-11 | N/A | Block | | Cloudflare Specials | ...a47c4be6 | 100577 | Apache Spark - Remote Code Execution - CVE:CVE-2022-33891 | 2023-03-20 | N/A | Block | | Cloudflare Specials | ...54d00d2f | 100578 | GLPI - Remote Code Execution - CVE:CVE-2022-35914 | 2023-03-20 | N/A | Block | | Cloudflare Specials | ...fb4c6991 | 100579 | GitLab - Remote Code Execution - CVE:CVE-2021-22205 | 2023-03-20 | N/A | Block | | Cloudflare Specials | ...ad679b95 | 100575 | ZK Framework - Information Disclosure - CVE:CVE-2022-36537 | 2023-03-13 | N/A | Block | | Cloudflare Specials | ...f2cc4e84 | 100524 | Java - Remote Code Execution | 2023-03-06 | N/A | Block | | Cloudflare Specials | ...30d612c4 | 100572 | Java - Remote Code Execution - URL | 2023-03-06 | N/A | Block | | Cloudflare Specials | ...9497744a | 100570 | FortiNAC - Remote Code Execution - CVE:CVE-2022-39952 | 2023-03-06 | N/A | Block | | Cloudflare Specials | ...5d38ed42 | 100564 | Oracle E-Business Suite - Remote Code Execution - CVE:CVE-2022-21587 | 2023-02-27 | N/A | Block | | Cloudflare Specials | ...d7e78753 | 100566 | Ruby on Rails - Remote Code Execution | 2023-02-27 | N/A | Block | | Cloudflare Specials | ...72612a5b | 100568 | Cacti - Remote Code Execution - CVE:CVE-2022-46169 | 2023-02-27 | N/A | Block | | Cloudflare Specials | ...a6fda143 | 100563 | Template Injection | 2023-02-13 | N/A | Block | | Cloudflare Specials | ...b090ba9a | 100303 | Command Injection - Nslookup | 2023-02-13 | N/A | Block | | Cloudflare Specials | ...0550c529 | 100016 | Version Control - Information Disclosure | 2023-02-13 | N/A | Block | | Cloudflare Specials | ...d3cdd6ac | 100561 | Remote Code Execution - Double Extension | 2023-02-13 | N/A | Block | | Cloudflare Specials | ...f2cc4e84 | 100524 | Java - Remote Code Execution | 2023-02-06 | N/A | Block | | Cloudflare Specials | ...1b4e622e | 100560 | Microsoft Exchange - Broken Authentication - CVE:CVE-2021-33766 | 2023-02-06 | N/A | Block | | Cloudflare Specials | ...de5e2367 | N/A | XSS - JavaScript Events | 2023-01-30 | N/A | Block | | Cloudflare Specials | ...4c2e80c3 | 100557 | Code Injection - JavaScript | 2023-01-30 | N/A | Block | | Cloudflare Specials | ...65414846 | 100559 | Prototype pollution Attack, Headers | 2023-01-30 | N/A | Block | | Cloudflare OWASP | ...fc25d2f1f | N/A | Rollback Cloudflare OWASP to version 3.3.3 from 3.3.4 | 2023-01-24 | N/A | N/A | | Cloudflare Specials | ...8b036974 | 100558 | Malware, Web Shell | 2023-01-16 | N/A | Log | | Cloudflare Specials | N/A | 100135C | XSS - JavaScript Events | 2023-01-16 | N/A | Block | | Cloudflare OWASP | ...fc25d2f1f | N/A | Upgrading Cloudflare OWASP to version 3.3.4 | 2023-01-16 | N/A | N/A | | Cloudflare Specials | ...b604fb62 | 100551B | Microsoft Exchange SSRF and RCE vulnerability 2 - CVE:CVE-2022-41040, CVE:CVE-2022-41082 | 2023-01-09 | N/A | Block | ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/waf/","name":"WAF"}},{"@type":"ListItem","position":3,"item":{"@id":"/waf/change-log/","name":"WAF changelog overview"}},{"@type":"ListItem","position":4,"item":{"@id":"/waf/change-log/historical-2023/","name":"Historical (2023)"}}]} ```