Barracuda WAF-as-a-Service Updates

App Groups

by Scott Treacy
Update
Announcement
After several months of development, we are very pleased to announce the availability of App Groups. This is a significant new feature that allows you to group applications together with common Resources. For example, a staging group of

Session Recording

by Scott Treacy
New
Announcement
Improvement
This past weekend we introduced Session Recording for troubleshooting layer-7 application problems when passing traffic through the WAF-as-a-Service datapath proxies. Those of you who have previously used the Barracuda WAF appliances will

Vulnerability Mapping

by Scott Treacy
New
Announcement
Improvement
We are pleased to announce that we have released Vulnerability mapping for Common Weakness Enumeration (see above) and several OWASP awareness standards (see below) for log entries in WAF-as-a-Service. The Vulnerability mapping is

Security Advisory

by Vishal Khandelwal
We are hardening WAF-as-a-Service to protect against two design limitations and associated vulnerabilities discovered in the previous firmware. When an application is in Block mode, under certain configurations it may be possible to
New
Announcement
Improvement
Fix

Application Page improvements

by Scott Treacy
New
Announcement
Improvement
This weekend we are introducing some minor changes to the Applications page which are in preparation for several new features we will be releasing in the coming months. The most prominent of these introduces a default Production group with

OpenSSL Vulnerabilities (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217 and CVE-2023-0401)

by Scott Treacy
Announcement
CVE
OpenSSL have announced a new security advisory. Please see Barracuda Campus for the latest news on this advisory.

Datapath Management Fix

by Scott Treacy
A few customers experienced an issue with the logic that manages the scaling of the datapath under certain conditions. We have implemented and tested a fix which will be deployed to the version 11 datapath on Sunday 22nd and the version 12
Fix
Datapath

Claroty JSON SQLi Vulnerabilities

by Scott Treacy
The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON-based SQL and how this bypasses many name-brand WAF vendors. While we have had custom patterns available via the Barracuda
Announcement
CVE

Resolved Datapath v10.1 to v11 upgrade issue

by Scott Treacy
After the upgrade of a particular customer from Datapath v10.1 to Datapath v11, we have uncovered a configuration edge case that caused the updated configuration to be pushed to the existing datapath before deployment of Datapath v11 (or
Datapath
Fix
Improvement