Barracuda WAF-as-a-Service Updates

Barracuda WAF-as-a-Service Updates

waas.barracudanetworks.com

App Groups

by Scott Treacy
Update
Announcement
After several months of development, we are very pleased to announce the availability of App Groups. This is a significant new feature that allows you to group applications together with common Resources. For example a staging group of
App Groups

Session Recording

by Scott Treacy
New
Announcement
Improvement
This past weekend we introduced Session Recording for troubleshooting layer-7 application problems when passing traffic through the WAF-as-a-Service datapath proxies. Those of you who have previously used the Barracuda WAF appliances will
Session Recording

Vulnerability Mapping

by Scott Treacy
New
Announcement
Improvement
We are pleased to announce that we have released Vulnerability mapping for Common Weakness Enumeration (see above) and several OWASP awareness standards (see below) for log entries in WAF-as-a-Service. The Vulnerability mapping is
Vulnerability Mapping

Security Advisory

by Vishal Khandelwal
We are hardening WAF-as-a-Service to protect against two design limitations and associated vulnerabilities, discovered in the previous firmware. When an application is in Block mode, under certain configurations is may be possible to
New
Announcement
Improvement
Fix

Application Page improvments

by Scott Treacy
New
Announcement
Improvement
This weekend we are introducing some minor changes to the Applications page which are in preparation for several new features we will be releasing in the coming months. The most prominent of these introduces a default Production group with
Application Page improvments

OpenSSL Vulnerabilities (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217 and CVE-2023-0401)

by Scott Treacy
Announcement
CVE
OpenSSL have announced a new security advisory. Please see Barracuda Campus for the latest news on this advisory.
OpenSSL Vulnerabilities (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217 and CVE-2023-0401)

Claroty JSON SQLi Vulnerabilities

by Scott Treacy
The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON based SQL and how this bypasses many name brand WAF vendors. While we have had custom patterns available via the Barracuda
Announcement
CVE

OpenSSL v3 X.509 Email Address Buffer Overflows (CVE-2022-3786 and CVE-2022-3602)

by Scott Treacy
Last week the OpenSSL Project announced they would release OpenSSL v3.0.7 on November 1st, highlighting that this release will be a security fix for a critical vulnerability of the highest severity. Upon release of the fix and the advisory,
Announcement
CVE

Apache Commons Text packages (CVE-2022-42889)

by Scott Treacy
This article provides an update on the recently discovered vulnerability in Apache Commons Text packages (CVE-2022-42889). This Remote Code Execution (RCE) attack can be carried out on the Apache Commons text packages from version 1.5 until
Announcement
CVE