Cloudflare memory dump issue ("Cloudbleed")

Follow
Cumulocity is not affected by the recently published Cloudbleed vulnerability.
 
As general security policy,
  • Cumulocity does not employ any content distribution networks to serve IoT requests, but receives and serves the requests directly. This is to ensure end-to-end security from the device to the Cumulocity server as well as from the application to the Cumulocity server.
  • Cumulocity bases its own software development on an implementation technology that makes buffer overruns, a frequent source of vulnerabilities, impossible. The web server employed by Cumulocity is a mainstream open source component that is continuously maintained and under constant monitoring of the security community.
  • Cumulocity enforces a strong separation of customers to prevent leaks of data.
 
Background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
Have more questions? Submit a request

Comments