Cloudflare observations of Confluence zero day (CVE-2022-26134)
June 05, 2022 9:54PM
On 2022-06-02 at 20:00 UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products. This post covers our current analysis of this vulnerability...
CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities
March 29, 2022 4:51PM
Browser Isolation
Remote Browser Isolation
RBI
Zero Day Threats
Zero Trust
CVE-2022-1096 is yet another zero day vulnerability affecting web browsers. Cloudflare Zero Trust mitigates the risk of zero day attacks in the browser and has been patched...
Sanitizing Cloudflare Logs to protect customers from the Log4j vulnerability
December 14, 2021 10:23AM
Logs
Vulnerabilities
Zero Day Threats
Security
Log4J
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
Secure how your servers connect to the Internet today
December 10, 2021 9:24PM
Cloudflare Zero Trust
Cloudflare One
Zero Trust
Cloudflare Gateway
Zero Day Threats
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack....
Inside the Log4j2 vulnerability (CVE-2021-44228)
December 10, 2021 6:36PM
Vulnerabilities
Zero Day Threats
Security
WAF Rules
Log4J
In this post we explain the history of this vulnerability, how it was introduced, and how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....
CVE-2021-44228 - Log4j RCE 0-day mitigation
December 10, 2021 11:39AM
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228), which results in remote code execution (RCE), was made public on December 9, 2021. This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible....