1676023497185
OpenSSL Vulnerabilities (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217 and CVE-2023-0401)
by Scott Treacy
OpenSSL have announced a new security advisory. Please see Barracuda Campus for the latest news on this advisory. 
1671029820000
Claroty JSON SQLi Vulnerabilities
by Scott Treacy
The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON based SQL and how this bypasses many name brand WAF vendors. While we have had custom patterns available via the Barracuda 1667300400000
OpenSSL v3 X.509 Email Address Buffer Overflows (CVE-2022-3786 and CVE-2022-3602)
by Scott Treacy
Last week the OpenSSL Project announced they would release OpenSSL v3.0.7 on November 1st, highlighting that this release will be a security fix for a critical vulnerability of the highest severity. Upon release of the fix and the advisory, 1666279800000
Apache Commons Text packages (CVE-2022-42889)
by Scott Treacy
This article provides an update on the recently discovered vulnerability in Apache Commons Text packages (CVE-2022-42889). This Remote Code Execution (RCE) attack can be carried out on the Apache Commons text packages from version 1.5 until 1664555921055
Updated: Microsoft Exchange Zero-Day (CVE-2022-41040 and CVE-2022-41082)
by Scott Treacy
This article provides information on how you can mitigate the newly discovered Zero-day vulnerabilities in Microsoft Exchange Server using Barracuda WAF-as-a-Service. These vulnerabilities were published on September 29, 2022, and affect 1654868880000
Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134)
by Scott Treacy
In the next few hours we are starting to deploy improvements to the security posture of all customer applications within WAF-as-a-Service in order to provide better protection against the Atlassian Confluence Remote Code Execution
1652282400000
Spring4Shell framework vulnerabilities (CVE-2022-22963 and CVE-2022-22965)
by Scott Treacy
We are rolling out improvements to the security posture of all applications within WAF-as-a-Service in order to provide better protection against the Spring4Shell framework vulnerabilities (CVE-2022-22963 and CVE-2022-22965). If for some 1640110803269
Log4J rules now visible in UI
by Nitzan Miron
Our team has released multiple updates over the past week to keep up with the latest research, scans, and exploits we are seeing in the wild for the Log4J vulnerabilities. You can read more about the updates on Barracuda Campus. Last week, 1639317600000
Apache Log4j Critical Vulnerability (CVE-2021-44228)
by Nitzan Miron
We have added signatures to WAF-as-a-Service to block exploits of Apache Log4j Critical Vulnerability (CVE-2021-44228). This involves protection of headers, cookies, and parameters. The protections in WAF-as-a-Service are being updated