#HTTP2Implementation

New HTTP/2 DoS attack can crash web servers with a single connection

by

April 4, 2024 at 11:30AM Newly discovered HTTP/2 protocol vulnerabilities, “CONTINUATION Flood,” can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. Discovered by researcher Barket Nowotarski, these vulnerabilities relate to the use of HTTP/2 CONTINUATION frames, not properly limited or checked, potentially causing memory outages, … Read more

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

by

April 4, 2024 at 08:03AM New research has revealed a vulnerability in the HTTP/2 protocol, named HTTP/2 CONTINUATION Flood, which can be exploited to conduct denial-of-service (DoS) attacks. The issue affects multiple HTTP/2 implementations and could lead to server crashes, performance degradation, and memory exhaustion. Upgrading affected software or temporarily disabling HTTP/2 is recommended. After … Read more