Vulnerabilities - The Cloudflare Blog

Protection from Struts Remote Code Execution Vulnerability (S2-057)

Published on September 5th, 2018 2:58PM by Richard Sommerville.

On August 22 a new vulnerability in the Apache Struts framework was announced. We quickly deployed a mitigation to protect customers.

How Cloudflare protects customers from cache poisoning

Published on August 20th, 2018 3:53PM by Jon Levine.

A few days ago, Cloudflare — along with the rest of the world — learned of a "practical" cache poisoning attack. In this post I’ll walk through the attack and explain how Cloudflare mitigated it for our customers.

BGP leaks and cryptocurrencies

Published on April 24th, 2018 10:31PM by Louis Poinsignon.

Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.

Keeping Drupal sites safe with Cloudflare's WAF

Published on April 20th, 2018 4:14PM by Maitane Zotes.

Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers.

Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit

Published on March 29th, 2018 4:10AM by Pasha Kravtsov.

Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character.

US callers
1 (888) 99-FLARE
UK callers
+44 (0)20 3514 6970
Singapore callers
+65 3158 3954

Find a Local Number

Request Information

Cloudflare provides performance and security for any website. More than 8 million websites use Cloudflare.

There is no hardware or software. Cloudflare works at the DNS level. It takes only 5 minutes to sign up. To learn more, please visit our website

Full feature list and plan types