FearsOff研究人员在审查WAF配置拦截全局访问、仅允许特定来源的应用时发现了该漏洞。测试表明,针对ACME挑战路径的请求会完全绕过WAF规则,使主机服务器直接响应而非返回Cloudflare拦截页面。
A critical vulnerability in Cloudflare's Web Application Firewall (WAF) gave attackers easy access to otherwise protected ...
Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. The move prevents unencrypted API requests from being sent, even ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果