February 2017 Archives

On memory overflow and responses

On February 23, 2017, Cloudflare released information on a bug in their content delivery network that was disclosed by Google security researcher Tavis Ormandy. The bug potentially exposed sensitive customer data to the Internet. Approximately 1 in every 3,300,000 HTTP requests may have contained potentially sensitive information. This information would normally be stored and cached by users and search engines as part of normal website sessions. This bug is similar to Heartbleed, in that uninitialized memory was accidentally being sent along with regular data. Unlike Heartbleed, which required malicious requests, this bug was in Cloudflare's HTML parser code, which means that sensitive data could be sent as part of normal client requests.

About this Archive

This page is an archive of entries from February 2017 listed from newest to oldest.
