Security News > 2023 > October > Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset.
Based on Cloudflare's data, several attacks leveraging Rapid Reset were nearly three times larger than the largest DDoS attack in Internet history.
At the peak of this DDoS campaign, Cloudflare recorded and handled over 201 million requests per second and mitigated thousands of additional attacks.
Threat actors with record-shattering attack methods have difficulty testing and understanding their effectiveness due to the lack of infrastructure to absorb the attacks.
"While large-scale attacks such as those leveraging vulnerabilities like Rapid Reset can be complex and difficult to mitigate, they provide us unprecedented visibility into new threat actor techniques early in development," said Grant Bourzikas, CSO at Cloudflare.
"While this DDoS attack and vulnerability may be in a league of their own, there will always be other zero-day, evolving threat actor tactics, and new novel attacks and techniques-the continuous preparation and response to these is core to our mission to help build a better Internet," said Matthew Prince, CEO at Cloudflare.
News URL
https://www.helpnetsecurity.com/2023/10/10/cve-2023-44487-http-2-rapid-reset/
Related news
- CISA: Here’s how you can foil DDoS attacks (source)
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)
- Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks (source)
- New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (source)