Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (below version 4.7.2) WordPress. CC BY-SA 2.0 image by Nicola Sap De Mitri The problem was found by the team at Sucuri and reported
CloudFlare sites protected from httpoxy
CC BY 2.0 image by Joe Seggiola We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy. This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk
Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it’s in the code that fixes Lucky13.
OpenSSL Security Advisory of 19 March 2015
Today there were multiple vulnerabilities released in OpenSSL, a cryptographic library used by CloudFlare (and most sites on the Internet). There has been advance notice that an announcement would be forthcoming, although the contents of the vulnerabilities were kept closely controlled and shared only with major operating system vendors until
No upgrade needed: CloudFlare sites already protected from FREAK
The newly announced FREAK vulnerability is not a concern for CloudFlare's SSL customers. We do not support 'export grade' cryptography (which, by its nature, is weak) and we upgraded to the non-vulnerable version of OpenSSL the day it was released in early January. CC BY 2.0 image by Stuart