App Gateway WAF Security Update CVE-2023-50164 Now Available
A new managed rule has been deployed to address a security vulnerability (CVE-2023-50164) in Azure regional WAF. The fix has been rolled out for the Default Ruleset (DRS) version 2.1 and the Core Ruleset (CRS) versions 3.2 and 3.1. Customers are recommended to change the action of the rule from log to block if they believe their application is vulnerable. The block mode is only supported on WAFv2, and customers using an older WAF with CRS 3.1 will need to upgrade to a newer ruleset version to enable block mode.