Attention all Azure regional WAF customers: We have deployed a new managed rule to address the security vulnerability CVE-2023-50164. This security vulnerability could potentially impact your application.
The fix has been rolled out for the ruleset versions listed below. If you believe that your application is vulnerable to this exploit we recommend changing the action of this rule from log to block. Please note that anomaly score action is not supported for this rule.
Default Ruleset (DRS): 2.1
- ID: 99001017
- Rule Group: MS-ThreatIntel-CVEs
- State: Enabled
- Action: Log
- ID: 800114
- Rule Group: KNOWN-CVES
- State: Enabled
- Action: Log
- Note: This rule is only supported on WAFv2. Older WAFs running CRS 3.1 only support logging mode for this rule. To enable block mode you will need to upgrade to a newer ruleset version.
Thank you for choosing Azure for your web security needs.