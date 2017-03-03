Cloudflare last week announced that it has fixed the Cloudbleed software bug responsible for a buffer overrun problem that caused its edge servers to return private information in response to some HTTP requests.

That private information included HTTP cookies, authentication tokens and HTTP POST bodies. However, SSL private keys weren't leaked, said Cloudflare CTO John Graham-Cumming in an online post.

"This happened in response to a very small number of requests in the Cloudflare system -- about 1 in 3.3 million," a Cloudflare spokesperson said in a statement provided to TechNewsWorld by company rep Katie Warmuth.

Some of that data had been cached by search engines.

"We realize that this was a very serious bug and that we dodged a bullet in that [it] did not lead to more problems than it did," the Cloudflare spokesperson remarked.

Cloudflare hasn't discovered any evidence of malicious exploits of the bug or other reports of its existence.

That "is not the same as saying [the bug] was not exploited," remarked James Scott, senior fellow at the Institute for Critical Infrastructure.

"It just means that no exploitation was detected," he told TechNewsWorld.