HTTP/2

Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks

by

October 11, 2023 at 08:24AM Tech companies including Cloudflare, AWS, and Google have responded to the HTTP/2 zero-day vulnerability that led to massive distributed denial-of-service attacks. The attacks exploited the HTTP/2 Rapid Reset feature, resulting in servers being taken down. Organizations like CISA, Microsoft, NGINX, F5, Netty, Apache, Swift, and Linux distributions have issued advisories … Read more

HTTP/2 ‘Rapid Reset’ zero-day exploited in biggest DDoS deluge seen yet

by

October 10, 2023 at 04:46PM Cloudflare reported that the largest distributed denial-of-service (DDoS) attack ever recorded was launched using a zero-day vulnerability in the HTTP/2 protocol. The attack surpassed 398 million requests per second, more than five times larger than the previous record. Google, Cloudflare, and AWS have disclosed the vulnerability and implemented mitigations to … Read more