CloudFlare – CloudBleed Security Vulnerability Found

A CloudFlare security vulnerability has been found recently. This is a memory bug which could allow sensitive information to get leaked. CloudFlare has since patched this security risk.

However, while this bug was in the wild, valuable data may have been compromised. Tavis Ormandy part of Google's Project Zero first noticed this security problem. He noticed corrupt data from some CloudFlare hyper text transfer protocol servers.

CloudFlare's edge servers were returning back private and sensitive data. Also, this data was being cached by some search engines. This data was only exclusive to non security HTTP requests.

In other words data protected with secure sockets layer was not vulnerable. CloudFlare claims they were able to patch this bug in less than seven hours. Initially, they shutdown email obfuscation, server side excludes and automatic secure hyper text transfer protocol rewrites. CloudFlare worked with Google and other search engines to help removal of possible cached sensitive information.

Unfortunately, sensitive data such as passwords may have been leaked while this exploit was live. CloudFlare is a content delivery network.

Leave a Comment
Did my information help solve one of your most common computer problems? If so, you can contribute to keep getting valuable tips, tricks, and techniques at

About Author Aaron J. Berg

Aaron J. Berg is the owner of Anet Computers, host of the Reality PC podcast, and blogger at For over thirteen years, he worked for fortune 500 companies and the United States Federal government supporting computers. Now he helps you solve your most common computer problems.

Leave a Reply