New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

April 4, 2024 at 08:03AM New research has revealed a vulnerability in the HTTP/2 protocol, named HTTP/2 CONTINUATION Flood, which can be exploited to conduct denial-of-service (DoS) attacks. The issue affects multiple HTTP/2 implementations and could lead to server crashes, performance degradation, and memory exhaustion. Upgrading affected software or temporarily disabling HTTP/2 is recommended. After … Read more

New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset

April 4, 2024 at 07:30AM Researcher Bartek Nowotarski has unveiled a new denial-of-service (DoS) attack method named HTTP/2 Continuation Flood, potentially posing a greater threat than the previous Rapid Reset vulnerability. The attack exploits a flaw in the handling of HTTP/2 frames and has affected various implementations. Patches and mitigations are being issued, and the … Read more