Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
December 15, 2021 1:56PM
This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0. The latest version can be found on the Log4J download page....
Continue reading »
Inside the Log4j2 vulnerability (CVE-2021-44228)
December 10, 2021 6:36PM
Zero Day Threats
In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....
CVE-2021-44228 - Log4j RCE 0-day mitigation
December 10, 2021 11:39AM
Zero Day Threats
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible....
Get notified when your site is under attack
December 03, 2021 1:59PM
Cloudflare can now send proactive notifications about any application security event spike, so you are warned whenever an attack might be targeting your application....
Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)
October 08, 2021 11:29AM
On September 29th 2021, the Apache Security team was alerted of a path traversal vulnerability being actively exploited (zero-day) against Apache HTTP Server version 2.4.49. Customers running the affected Apache version, should update to 2.5.51 as soon as possible....
September 08, 2021 10:18AM
How Cloudflare helped mitigate the Atlassian Confluence OGNL vulnerability before the PoC was released
On August 25, 2021, Atlassian released a security advisory affecting their Confluence application. The Cloudflare WAF soon after started mitigating an increase in malicious traffic to vulnerable endpoints ensuring customers remained protected....