General availability: Security Update for Application Gateway WAF CVE-2023-50164

The next decade in enterprise backup

Source is Azure Business News

Attention all Azure regional WAF customers: We have deployed a new managed rule to address the security vulnerability CVE-2023-50164. This security vulnerability could potentially impact your application.

The fix has been rolled out for the ruleset versions listed below.  If you believe that your application is vulnerable to this exploit we recommend changing the action of this rule from log to block. Please note that anomaly score action is not supported for this rule.

Default Ruleset (DRS): 2.1

  • ID: 99001017
  • Rule Group: MS-ThreatIntel-CVEs
  • State: Enabled
  • Action: Log

Core Ruleset (CRS): 3.2, 3.1

  • ID: 800114
  • Rule Group: KNOWN-CVES
  • State: Enabled
  • Action: Log
  • Note: This rule is only supported on WAFv2. Older WAFs running CRS 3.1 only support logging mode for this rule. To enable block mode you will need to upgrade to a newer ruleset version.

Thank you for choosing Azure for your web security needs.

Source is Azure Business News

Vorig artikelChange tracking and inventory with Log Analytics agent in Azure Automation will be retired on 31 August 2024
Volgend artikelLinux Command-Line Basics