The Cloudflare Blog

Subscribe to receive notifications of new posts:

New Magento WAF Rule – RCE Vulnerability Protection

2015-04-25

Peter Dumanian

1 min read

Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in the WAF Settings to enable protection immediately.

Both Magento version 1.9.1.0 CE and 1.14.1.0 EE are compromised by this vulnerability. CloudFlare WAF protection can help mitigate vulnerabilities like this, but it is vital that Magento users patch Magento immediately. Select and download the patch for SUPEE-5344.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Vulnerabilities WAF Rules Reliability WAF

Follow on X

Cloudflare|@cloudflare

August 12, 2024 2:00 PM

Advancing Threat Intelligence: JA4 fingerprints and inter-request signals

Explore how Cloudflare's JA4 fingerprinting and inter-request signals provide robust and scalable insights for advanced web security and threat detection. ...

Alex Bocharov,
Adam Martinetti

Bot Management, Threat Intelligence, WAF, Application Services

July 25, 2024 1:00 PM

Making WAF ML models go brrr: saving decades of processing time

In this post, we discuss the performance optimizations we've implemented for our WAF ML product. We'll guide you through specific code examples and benchmark numbers, and we'll share the impressive latency reduction numbers observed after the rollout...

Alex Bocharov

Machine Learning, WAF, Performance, Optimization, Rust, AI WAF, WAF Attack Score

July 11, 2024 5:00 PM

Application Security report: 2024 update

Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks...

Application Security, WAF, Bot Management, API

July 09, 2024 12:00 PM

RADIUS/UDP vulnerable to improved MD5 collision attack

The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography...

Vulnerabilities