A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path. Security researchers from FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origins even when customer-configured WAF rules explicitly blocked all other traffic. The Automatic Certificate Management […]
The post Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: