Security News > 2023 > October > HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks
2023-10-10 15:24
Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,
News URL
https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html
Related news
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- CISA: Here’s how you can foil DDoS attacks (source)
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |