Cloudbleed (also known as CloudLeak and CloudFlare Bug) is a security bug discovered on February 17, 2017 affecting Cloudflare‘s reverse proxies,[1] which caused their edge servers to run past the end of a buffer and return memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data.

As a result, data from one Cloudflare customer were leaked out and went to any other CloudFlare customers that happened to be in the server’s memory on that particular moment. Some of this data was cached by search engines.

The discovery was reported by Google Project Zero team.[1] Tavis Ormandy[9]



Post navigation

Leave a Reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest