Security advisories

GlobalSign TLS certificate revocation errors

October 18, 2016

On October 13, 2016 around 11:10am GMT, users visiting websites using GlobalSign TLS certificates, including some hosted by Fastly, started experiencing TLS certificate validation errors. This issue was caused by incorrect certificate revocation information published by our certificate vendor, GlobalSign.

This security advisory describes the root cause of this issue and the actions Fastly has taken to limit customer impact.

Vulnerability in use of HTTP_PROXY by CGI

July 18, 2016

On Monday, July 18, 2016, security researchers published information on a vulnerability in the handling of the HTTP_PROXY environment variable by specific Common Gateway Interface (CGI) scripts. While this vulnerability does not affect Fastly, web servers used as origins may run a variety of scripts, some of which may be vulnerable. This Security Advisory provides guidance to customers on how they can protect origin servers from attacks.

DROWN Attack & Fastly

March 1, 2016

Today, in conjunction with an OpenSSL Security Advisory, several researchers announced a new attack on HTTPS they are calling “Decrypting RSA with Obsolete and Weakened Encryption,” or DROWN. Due to Fastly’s existing TLS configuration, our services, and customers using Fastly as their CDN, are not vulnerable to this attack.

Securing Edge-To-Origin TLS

February 18, 2016

Fastly has fixed a problem in our default Transport Layer Security (TLS) configuration that prevented proper certificate validation when connecting to customer origin servers. Services created after September 6th, 2015 were not affected. This advisory describes the issue to inform our customers of the potential exposure, the fix we’ve made, and additional improvements we’re making.

This vulnerability has been assigned a Fastly Security severity rating of HIGH.

CVE-2015-7547 Buffer Overflow in glibc

February 16, 2016

On Tuesday, February 16th, researchers published details about a new vulnerability in the glibc library, a standard C library. The vulnerability existed in the code used to translate hostnames into IP addresses. Processes that use it are very common across network service providers, such as CDNs.

Fastly immediately implemented a security update on affected systems. No customer action is required. Fastly’s service was not impacted.
