Barracuda delivers updated SSL Inspection feature

Version imprimable, PDF et e-mail

Barracuda has released a critical security update to the Barracuda Web Filter with firmware version, for customers who are using or going to use SSL Inspection on the Barracuda Web Filter. This also applies if you have enabled SSL Inspection in the past, but have subsequently turned it off.  We recommend installing version on your Barracuda Web Filter as soon as it is available, and that you not use the SSL inspection capabilities without upgrading to this firmware version.  You can see the full release notes here.

The new firmware version specifically addresses CVE-2015-0961 and CVE-2015-0962, which Barracuda requested in response to this blog post.  The Barracuda team worked closely with CERT in responding to their call for research, requesting the CVEs, working within CERT timelines, and coordinating disclosure.  We also proactively contacted Barracuda Web Filter customers to advise them of the vulnerabilities that we discovered.

If you are using the SSL Inspection features, you may need to deploy new certificates to clients. We have updated our Tech Library documentation to assist in this process, and we have created a certificate check site to help you determine if your web clients are affected.

In conjunction with CERT, we are also releasing a tech alert on this firmware release.  The tech alert explains the recently discovered implementation weaknesses in features that use SSL Inspection.

Ressources :

The entire tech alert is available on our Tech Alert page here and at the end of this post.

If you have any questions regarding the tech alert, please contact our support team at 888-268-4772.

This post will be updated if new information becomes available.

Barracuda Tech Alert:

Title:  Barracuda Web Filter, SSL Inspection, CVE-2015-0961 and CVE-2015-0962

Date:  2015-04-28

Affected Product(s):   Barracuda Web Filter

Revision:   a1.0

Risk Rating:   High


Parallèlement à des recherches externes récentes de l'équipe d'intervention en cas d'urgence informatique sur les implémentations d'inspection SSL sur le marché, Barracuda Network a effectué un audit de Barracuda Web Filter. Le jeudi 16 avril, nous avons publié la version de Barracuda Web Filter pour résoudre deux problèmes détectés lors de notre audit.

CVE-2015-0961: prior to version, the Barracuda Web Firewall does not properly check the validity of upstream certificates when SSL inspection is enabled. Upgrading to version resolves this issue and no other action is required.

CVE-2015-0962: versions 7.0 through 8.1.003 ship with a set of default root CA certificates that are common across appliances. Upgrading to version ensures that each unit has a unique default root CA certificate. Customers who have configured SSL Inspection with the default certificate should deploy new certificates following the instructions at

Pour une protection maximale, Barracuda Networks recommande à tous ses clients de s'assurer que les définitions de sécurité sont activées et de mettre à jour les firmwares et les définitions de sécurité vers la version à la disposition générale la plus récente.

Remonter en haut de page