1706450400000
Security Advisory
by Vishal Khandelwal
We are hardening WAF-as-a-Service to protect against two design limitations and associated vulnerabilities, discovered in the previous firmware. When an application is in Block mode, under certain configurations is may be possible to 1676023497185
OpenSSL Vulnerabilities (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217 and CVE-2023-0401)
by Scott Treacy
OpenSSL have announced a new security advisory. Please see Barracuda Campus for the latest news on this advisory. 
1674176014611
Datapath Management Fix
by Scott Treacy
A few customers experienced an issue with the logic that manages the scaling of the datapath under certain conditions. We have implemented and tested a fix which will be deployed to the version 11 datapath on Sunday 22nd and the version 12 1671029820000
Claroty JSON SQLi Vulnerabilities
by Scott Treacy
The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON based SQL and how this bypasses many name brand WAF vendors. While we have had custom patterns available via the Barracuda 1670491721675
Resolved Datapath v10.1 to v11 upgrade issue
by Scott Treacy
After the upgrade of a particular customer from Datapath v10.1 to Datapath v11 we have uncovered a configuration edge case that caused the updated configuration to be pushed to the existing datapath before deployment of Datapath v11 (or 1667300400000
OpenSSL v3 X.509 Email Address Buffer Overflows (CVE-2022-3786 and CVE-2022-3602)
by Scott Treacy
Last week the OpenSSL Project announced they would release OpenSSL v3.0.7 on November 1st, highlighting that this release will be a security fix for a critical vulnerability of the highest severity. Upon release of the fix and the advisory, 1666279800000
Apache Commons Text packages (CVE-2022-42889)
by Scott Treacy
This article provides an update on the recently discovered vulnerability in Apache Commons Text packages (CVE-2022-42889). This Remote Code Execution (RCE) attack can be carried out on the Apache Commons text packages from version 1.5 until 1664555921055
Updated: Microsoft Exchange Zero-Day (CVE-2022-41040 and CVE-2022-41082)
by Scott Treacy
This article provides information on how you can mitigate the newly discovered Zero-day vulnerabilities in Microsoft Exchange Server using Barracuda WAF-as-a-Service. These vulnerabilities were published on September 29, 2022, and affect 1663280940000
Datapath Upgrade to Version 11.0
by Scott Treacy
We are pleased to announce that we will be upgrading the current datapath from version 10.1 to version 11.0 for all WAF-as-a-Service customers who have selected to Let Barracuda manage my datapath version within their WAF-as-a-Service