
Protection against critical Windows vulnerability (CVE-2015-1635)

What's this blog post about?

On April 15, 2015, new information emerged about the MS15-034 vulnerability affecting Windows web servers. Proof-of-concept (PoC) code has been released that can cause a server to hang when it receives an HTTP Range header containing large byte offsets. To address this issue, CloudFlare implemented a Web Application Firewall (WAF) rule that blocks such requests. Customers on a paid plan with the WAF enabled are automatically protected against this problem. Updating IIS and Windows servers as soon as possible is strongly advised; in the meantime, any attempt to exploit this Denial of Service/Remote Code Execution vulnerability through CloudFlare will be blocked.

Company
Cloudflare

Date published
April 15, 2015

Author(s)
Ben Cartwright-Cox

Word count
106

Language
English

Hacker News points
26


By Matt Makai. 2021-2024.