Zero Day Threats - The Cloudflare Blog

CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities

March 29, 2022 4:51PM

CVE-2022-1096 is yet another zero day vulnerability affecting web browsers. Cloudflare zero trust mitigates the risk of zero day attacks in the browser and has been patched...

Tim Obezuk

Sanitizing Cloudflare Logs to protect customers from the Log4j vulnerability

December 14, 2021 10:23AM

Logs Vulnerabilities Zero Day Threats Security Log4J

Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....

Secure how your servers connect to the Internet today

December 10, 2021 9:24PM

Cloudflare Zero Trust Cloudflare One Zero Trust Cloudflare Gateway Zero Day Threats

The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack....

Sam Rhea

Inside the Log4j2 vulnerability (CVE-2021-44228)

December 10, 2021 6:36PM

Vulnerabilities Zero Day Threats Security WAF Rules Log4J

In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....

John Graham-Cumming

CVE-2021-44228 - Log4j RCE 0-day mitigation

December 10, 2021 11:39AM

Vulnerabilities Zero Day Threats WAF Rules Security Log4J

A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible....