Improvements in the detection of Path traversal attacks
In July and August, our detection team redesigned the detection of Path Traversal attacks. Hackers can use the following approaches for such attacks:
- PHP wrappers, for example: php://filter/read=convert.base64-encode/resource=/etc/group
- Universal Naming Convention paths (UNC paths), for example: \\::1\c$\users\default\ntuser.dat
- File URI scheme, for example: file://localhost/c|\windows\win.ini
We have updated and extended the mechanism for detecting these attacks, making it more difficult for attackers to get such payloads past detection.
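The three payload forms listed above share a useful property for defenders: after percent-decoding and path-separator normalization, each starts with a distinctive prefix (a stream wrapper scheme, a file:// scheme, or a UNC host-and-share prefix). The following classifier is an added example, not Wallarm's detection code, and shows one way to flag those forms, together with classic dot-dot traversal, in a request parameter; the sample values, the wrapper list and the deliberately narrow UNC pattern (admin shares like c$ only) are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample parameter values with the label a detector should assign.
# The first three mirror the payload forms listed in the post; the fourth is a
# double-encoded dot-dot traversal; the last is a benign relative path.
SAMPLES = {
    "php://filter/read=convert.base64-encode/resource=/etc/group": "php_wrapper",
    r"\\::1\c$\users\default\ntuser.dat": "unc_path",
    "file://localhost/c|\\windows\\win.ini": "file_uri",
    "..%252f..%252fetc%252fpasswd": "dot_dot_traversal",
    "reports/2020-08.pdf": None,
}

# Ordered list of (label, pattern). Patterns run against the normalized value,
# so they only need to know about lowercase text and forward slashes.
PATTERNS = [
    # PHP stream wrappers that can read or execute files (assumed list).
    ("php_wrapper", re.compile(r"^(php|phar|data|expect|zip|glob)://")),
    # File URI scheme, with or without a host part.
    ("file_uri", re.compile(r"^file://")),
    # UNC path to an administrative share: //host/c$/... (narrow by design;
    # widen the share part if plain //host/share/ references should also match).
    ("unc_path", re.compile(r"^//[^/]+/[a-z]\$/")),
    # A ".." path segment anywhere in the value.
    ("dot_dot_traversal", re.compile(r"(^|/)\.\.(/|$)")),
]


def normalize(value: str) -> str:
    """Percent-decode twice (catches double-encoded payloads), then fold
    backslashes to forward slashes and lowercase so that Windows and Unix
    spellings of the same path hit the same pattern."""
    decoded = unquote(unquote(value))
    return decoded.replace("\\", "/").lower()


def classify(value: str):
    """Return the label of the first matching pattern, or None if the value
    looks like an ordinary path."""
    norm = normalize(value)
    for label, pattern in PATTERNS:
        if pattern.search(norm):
            return label
    return None


def scan_samples():
    """Classify every constructed sample and return {value: label}."""
    return {value: classify(value) for value in SAMPLES}


if __name__ == "__main__":
    for value, label in scan_samples().items():
        print(f"{label or 'clean':>18}  {value}")
```

Normalizing before matching is the important design choice: a detector that matches raw bytes misses `%2e%2e%2f`, mixed case schemes such as `PHP://`, and backslash spellings, which is exactly the kind of gap attackers probe for. The trade-off is false positives on legitimate values that happen to decode to these prefixes, so in production each pattern should be tied to the parameters where file paths are actually expected.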
We have also added new Scanner extensions to scan for the following vulnerabilities:
- Exposed debug panels (laravel-debugbar, telescope, php-debugbar)
- Zend Framework configuration information disclosure
- LFI and RCE in Citrix ADC / NetScaler (CVE-2019-19781)
- 0-day RCE in vBulletin (CVE-2020-17496)
- F5 BIG-IP RCE (CVE-2020-5902)
The changes are already available for all Wallarm clients. No additional update steps are required.