WAF - WAF Release - 2025-08-25
This week's update

This week, critical vulnerabilities were disclosed that impact widely used open-source infrastructure, creating high-risk scenarios for code execution and operational disruption.

Key Findings

- Apache HTTP Server – Code Execution (CVE-2024-38474): A flaw in Apache HTTP Server allows attackers to achieve remote code execution, enabling full compromise of affected servers. This vulnerability threatens the confidentiality, integrity, and availability of critical web services.
- Laravel (CVE-2024-55661): A security flaw in Laravel introduces the potential for remote code execution under specific conditions. Exploitation could provide attackers with unauthorized access to application logic and sensitive backend data.

Impact

These vulnerabilities pose severe risks to enterprise environments and open-source ecosystems. Remote code execution enables attackers to gain deep system access, steal data, disrupt services, and establish persistent footholds for broader intrusions. Given the widespread deployment of Apache HTTP Server and Laravel in production systems, timely patching and mitigation are critical.

| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare Managed Ruleset | c550282a0f7343ca887bdab528050359 | 100822_BETA | WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058 | N/A | Disabled | This was merged into the original rule "WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058" (ID: 9b5c5e13d2ca4253a89769f2194f7b2d) |
| Cloudflare Managed Ruleset | 456b1e8f827b4ed89fb4a54b3bdcdbad | 100831 | Apache HTTP Server - Code Execution - CVE:CVE-2024-38474 | Log | Disabled | This is a New Detection |
| Cloudflare Managed Ruleset | 7dcc01e1dd074e42a26c8ca002eaac5b | 100846 | Laravel - Remote Code Execution - CVE:CVE-2024-55661 | Log | Disabled | This is a New Detection |