Cloudflare’s protection against a new Remote Code Execution vulnerability (CVE-2019-16759) in vBulletin
On September 28, 2019, Cloudflare released a new rule as part of its Cloudflare Specials Rulesets to protect customers against a high-severity vulnerability in vBulletin. The proprietary Internet forum software was found to have a zero-day vulnerability that could allow bad actors to gain privileged access to, and control over, host servers through Remote Code Execution (RCE). The vulnerability has a CVSS score of 9.8/10 and affects seven of the ten key risk areas of the OWASP Top 10 (2017). RCE is considered a type of injection and can lead to catastrophic attacks: with privileged access to a host server, an attacker can perform malicious activities such as discovering additional vulnerabilities, checking for misconfigured file permissions, or deleting logs. Cloudflare's continuously learning Firewall provides protection against common RCE attacks, and a new rule in the Cloudflare Specials Rulesets (ruleId: 100166) covers this specific vBulletin vulnerability. Customers with Managed Rulesets and Cloudflare Specials enabled will be immediately protected. Those who don't have these features can deploy a patch from the vBulletin team to protect themselves.
Company
Cloudflare
Date published
Sept. 28, 2019
Author(s)
Alex Cruz Farmer, Arun Singh
Word count
484
Hacker News points
None found.
Language
English