A collection to detect exploitation of some specific http CVEs.

Works with apache2, nginx, traefik etc.

⚠️ While this collection is frequently updated with trending CVEs, it is not a WAF and does not aims at replacing a WAF. As such, an attacker might be able to bypass those signatures.

• Apache CVE-2021-41773
• Apache CVE-2021-42013
• Grafana CVE-2021-43798
• Fortinet CVE-2018-13379
• Pulse Secure CVE-2019-11510
• F5 BIG-IP CVE-2020-5902
• ThinkPHP CVE-2018-20062
• Apache Log4j2 CVE-2021-44228
• VMware VMSA-2021-0027
• Atlassian Jira CVE-2021-26086
• Spring4Shell CVE-2022-22965
• VMware CVE-2022-22954
• Zimbra CVE-2022-37042
• Microsoft Exchange CVE-2022-41082
• GLPI CVE-2022-35914
• Fortinet CVE-2022-40684
• Confluence CVE-2022-26134
• Text4Shell CVE-2022-42889
• Ghost CMS CVE-2022-41697
• Cacti CVE-2022-46169
• Centos Web Panel 7 CVE-2022-44877
• Telerik UI CVE-2019-18935
• Netgear DGN1000 / DGN2200 Remote Command Execution
• Confluence CVE-2023-22515
• Confluence CVE-2023-22518
• Owncloud CVE-2023-49103
• PHP Unittest Framework CVE-2017-9841
• Apache source disclosure CVE-2024-38475