1706527200000
Session Recording
by Scott Treacy
New
Announcement
Improvement
This past weekend we introduced Session Recording for troubleshooting layer-7 application problems when passing traffic through the WAF-as-a-Service datapath proxies. Those of you who have previously used the Barracuda WAF appliances will
1706457600000
Vulnerability Mapping
by Scott Treacy
New
Announcement
Improvement
We are pleased to announce that we have released Vulnerability mapping for Common Weakness Enumeration (see above) and several OWASP awareness standards (see below) for log entries in WAF-as-a-Service. The Vulnerability mapping is
1706450400000
Security Advisory
by Vishal Khandelwal
We are hardening WAF-as-a-Service to protect against two design limitations and associated vulnerabilities, discovered in the previous firmware. When an application is in Block mode, under certain configurations is may be possible to 1706309596194
Application Page improvments
by Scott Treacy
New
Announcement
Improvement
This weekend we are introducing some minor changes to the Applications page which are in preparation for several new features we will be releasing in the coming months. The most prominent of these introduces a default Production group with
1676023497185
OpenSSL Vulnerabilities (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217 and CVE-2023-0401)
by Scott Treacy
OpenSSL have announced a new security advisory. Please see Barracuda Campus for the latest news on this advisory. 
1674176014611
Datapath Management Fix
by Scott Treacy
A few customers experienced an issue with the logic that manages the scaling of the datapath under certain conditions. We have implemented and tested a fix which will be deployed to the version 11 datapath on Sunday 22nd and the version 12 1671029820000
Claroty JSON SQLi Vulnerabilities
by Scott Treacy
The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON based SQL and how this bypasses many name brand WAF vendors. While we have had custom patterns available via the Barracuda 1670491721675
Resolved Datapath v10.1 to v11 upgrade issue
by Scott Treacy
After the upgrade of a particular customer from Datapath v10.1 to Datapath v11 we have uncovered a configuration edge case that caused the updated configuration to be pushed to the existing datapath before deployment of Datapath v11 (or 1667300400000
OpenSSL v3 X.509 Email Address Buffer Overflows (CVE-2022-3786 and CVE-2022-3602)
by Scott Treacy
Last week the OpenSSL Project announced they would release OpenSSL v3.0.7 on November 1st, highlighting that this release will be a security fix for a critical vulnerability of the highest severity. Upon release of the fix and the advisory,