over 1 year ago
Security Advisory
by Vishal Khandelwal
We are hardening WAF-as-a-Service to protect against two design limitations and associated vulnerabilities, discovered in the previous firmware. When an application is in Block mode, under certain configurations it may be possible to
about 2 years ago
OpenSSL Vulnerabilities (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217 and CVE-2023-0401)
by Scott Treacy
OpenSSL have announced a new security advisory. Please see Barracuda Campus for the latest news on this advisory. 
over 2 years ago
Datapath Management Fix
by Scott Treacy
A few customers experienced an issue with the logic that manages the scaling of the datapath under certain conditions. We have implemented and tested a fix which will be deployed to the version 11 datapath on Sunday 22nd and the version 12
over 2 years ago
Claroty JSON SQLi Vulnerabilities
by Scott Treacy
The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON-based SQL and how this bypasses many name-brand WAF vendors. While we have had custom patterns available via the Barracuda
over 2 years ago
Resolved Datapath v10.1 to v11 upgrade issue
by Scott Treacy
After the upgrade of a particular customer from Datapath v10.1 to Datapath v11 we have uncovered a configuration edge case that caused the updated configuration to be pushed to the existing datapath before deployment of Datapath v11 (or
over 2 years ago
OpenSSL v3 X.509 Email Address Buffer Overflows (CVE-2022-3786 and CVE-2022-3602)
by Scott Treacy
Last week the OpenSSL Project announced they would release OpenSSL v3.0.7 on November 1st, highlighting that this release will be a security fix for a critical vulnerability of the highest severity. Upon release of the fix and the advisory,
over 2 years ago
Apache Commons Text packages (CVE-2022-42889)
by Scott Treacy
This article provides an update on the recently discovered vulnerability in Apache Commons Text packages (CVE-2022-42889). This Remote Code Execution (RCE) attack can be carried out on the Apache Commons text packages from version 1.5 until
over 2 years ago
Updated: Microsoft Exchange Zero-Day (CVE-2022-41040 and CVE-2022-41082)
by Scott Treacy
This article provides information on how you can mitigate the newly discovered Zero-day vulnerabilities in Microsoft Exchange Server using Barracuda WAF-as-a-Service. These vulnerabilities were published on September 29, 2022, and affect
over 2 years ago
Apex DNS Resolution issue
by Scott Treacy
The DNS resolution issue with WAF-as-a-Service has been resolved. This issue was related to a general DNS issue with Ubuntu instances in Azure. Full details are available here: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1988119.