CVE-2021-44228 - Log4j RCE 0-day mitigation
December 10, 2021 11:39 AM
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021, that results in remote code execution (RCE)....
Fixing Recent Validation Vulnerabilities in OctoRPKI
November 12, 2021 8:59 PM
A number of vulnerabilities in Resource Public Key Infrastructure (RPKI) validation software were disclosed in a recent NCSC advisory, discovered by researchers from the University of Twente....
Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)
October 08, 2021 10:29 AM
On September 29th 2021, the Apache Security team was alerted of a path traversal vulnerability being actively exploited (zero-day) against Apache HTTP Server version 2.4.49. Customers running the affected Apache version, should update to 2.5.51 as soon as possible....
How Cloudflare helped mitigate the Atlassian Confluence OGNL vulnerability before the PoC was released
September 08, 2021 9:18 AM
On August 25, 2021, Atlassian released a security advisory affecting their Confluence application. The Cloudflare WAF soon after started mitigating an increase in malicious traffic to vulnerable endpoints ensuring customers remained protected....
Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
March 07, 2021 12:47 AM
Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. ...
MORE POSTS
July 07, 2020 5:04 PM
CVE-2020-5902: Helping to protect against the F5 TMUI RCE vulnerability
Cloudflare has deployed a new managed rule protecting customers against a remote code execution vulnerability that has been found in F5 BIG-IP’s web-based Traffic Management User Interface (TMUI)....
- By
October 24, 2019 5:27 PM
Cloudflare response to CPDoS exploits
Three vulnerabilities were disclosed as Cache Poisoning Denial of Service attacks in a paper written by Hoai Viet Nguyen, Luigi Lo Iacono, and Hannes Federrath of TH Köln - University of Applied Sciences. These attacks are similar to the cache poisoning attacks presented last yea...
- By
September 28, 2019 10:54 PM
Cloudflare’s protection against a new Remote Code Execution vulnerability (CVE-2019-16759) in vBulletin
Cloudflare has released a new rule as part of its Cloudflare Specials Rulesets, to protect our customers against a high-severity vulnerability in vBulletin. A new zero-day vulnerability was discovered for vBulletin, a proprietary Internet forum software. ...
- By
August 13, 2019 5:00 PM
On the recent HTTP/2 DoS attacks
Today, multiple Denial of Service (DoS) vulnerabilities were disclosed for a number of HTTP/2 server implementations. Cloudflare uses NGINX for HTTP/2. Customers using Cloudflare are already protected against these attacks....
- By
May 28, 2019 6:45 PM
Stopping SharePoint’s CVE-2019-0604
On Saturday, 11th May 2019, we got the news of a critical web vulnerability being actively exploited in the wild by advanced persistent threats (APTs), affecting Microsoft’s SharePoint server (versions 2010 through 2019)....
- By
March 05, 2019 10:55 PM
Stopping Drupal’s SA-CORE-2019-003 Vulnerability
Drupal discovered a severe vulnerability and said they would release a patch. When the patch was released we analysed and created rules to mitigate these. By analysing the patch we created WAF rules to protect Cloudflare customers running Drupal....
- By
September 05, 2018 2:58 PM
Protection from Struts Remote Code Execution Vulnerability (S2-057)
On August 22 a new vulnerability in the Apache Struts framework was announced. We quickly deployed a mitigation to protect customers....
- By
August 20, 2018 3:53 PM
How Cloudflare protects customers from cache poisoning
A few days ago, Cloudflare — along with the rest of the world — learned of a "practical" cache poisoning attack. In this post I’ll walk through the attack and explain how Cloudflare mitigated it for our customers....
- By
April 24, 2018 10:31 PM
BGP leaks and cryptocurrencies
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak....
- By
April 20, 2018 4:14 PM
Keeping Drupal sites safe with Cloudflare's WAF
Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers....
- By
March 29, 2018 4:10 AM
Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit
Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character....
- By
February 27, 2018 2:38 PM
Memcrashed - Major amplification attacks from UDP port 11211
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening on the internet. ...
- By
January 19, 2018 5:38 PM
Web Cache Deception Attack revisited
In April, we wrote about Web Cache Deception attacks, and how our customers can avoid them using origin configuration. Since our previous blog post, we have looked for but have not seen any large scale attacks like this in the wild....
- By
January 18, 2018 12:06 PM
However improbable: The story of a processor bug
Processor problems have been in the news lately, due to the Meltdown and Spectre vulnerabilities. But generally, engineers writing software assume that computer hardware operates in a reliable, well-understood fashion, and that any problems lie on the software side of the softwar...
- By