[SingCERT] Threat Alert on Cloudflare CloudBleed
24 February 2017
Last updated on 7 March 2017, 15:13
On 18 February 0032 GMT, a critical system vulnerability caused by a parser bug was reported to Cloudflare. On 18 February 0722, Cloudflare determined the root cause and turned off three of its features (namely Email Obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) that were using the same HTML parser chain which caused the leak.