
Security advisories

Vulnerability in use of HTTP_PROXY by CGI

July 18, 2016

On Monday, July 18, 2016, security researchers published information on a vulnerability in the handling of the HTTP_PROXY environment variable by specific Common Gateway Interface (CGI) scripts. While this vulnerability does not affect Fastly, web servers used as origins may run a variety of scripts, some of which may be vulnerable. This Security Advisory provides guidance to customers on how they can protect origin servers from attacks.

DROWN Attack & Fastly

March 1, 2016

Today in conjunction with an OpenSSL Security Advisory several researchers announced a new attack on HTTPS they are calling “Decrypting RSA with Obsolete and Weakened Encryption,” or DROWN. Due to Fastly’s existing TLS configuration, our services, and customers using Fastly as their CDN, are not vulnerable to this attack.

Securing Edge-To-Origin TLS

February 18, 2016

Fastly has fixed a problem in our default Transport Layer Security (TLS) configuration that prevented proper certificate validation when connecting to customer origin servers. Services created after September 6th, 2015 were not affected. This advisory describes the issue to inform our customers of the potential exposure, the fix we’ve made, and additional improvements we’re making.

This vulnerability has been assigned a Fastly Security severity rating of HIGH.

CVE-2015-7547 Buffer Overflow in glibc

February 16, 2016

On Tuesday, February 16th, researchers published details about a new vulnerability in the glibc library, a standard C library. The vulnerability existed in the code used to translate hostnames into IP addresses. Processes that use it are very common across network service providers, such as CDNs.

Fastly immediately implemented a security update on affected systems. No customer action is required. Fastly’s service was not impacted.
