What is Cloudbleed

Posted by seerer on August 20th, 2021

Tavis Ormandy working for Google project zero team noticed corrupted web pages returned by HTTP request through Cloudflare servers. Websites were returning HTTP session and other information that was confidential including text messages from social dating sites among other sensitive information.

He then contacted Cloudflare and informed them of his observation, the bug was coming  from cloudflare edge servers and on a careful investigation by Cloudflare team turned out to be a serious bug.

Fig 1.1: Ormandy contacting the cloudflare security team after discovering the breach

Some of the services offered by Cloudflare were turned off as they were found to be susceptible to the Cloudbleed bug, the services were :

Like it? Share it!


seerer

About the Author

seerer
Joined: January 22nd, 2020
Articles Posted: 14

More by this author