Categories: US-Cert-Repository

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023.

CISA recommends organizations that provide HTTP/2 services apply patches when available and consider configuration changes and other mitigations discussed in the references below. For more information on Rapid Reset, see:

Cloudflare: HTTP/2 Rapid Reset: deconstructing the record-breaking attack
Google: How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack
AWS: CVE-2023-44487 – HTTP/2 Rapid Reset Attack
NGINX: HTTP/2 Rapid Reset Attack Impacting NGINX Products
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Organizations can take proactive steps to reduce the effects of DoS attacks. See the following guidance for more information:

CISA: Understanding and Responding to Distributed Denial-of-Service Attacks
CISA: Additional DDoS Guidance for Federal Agencies

Source link

admin

Next CISA Adds One Known Exploited Vulnerability to Catalog »

Previous « Fortinet Releases Security Updates for Multiple Products

This website uses cookies.

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Recent Posts

CISA Releases 10 Industrial Control Systems Advisories

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Releases One Industrial Control Systems Advisory

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

CISA Releases Thirteen Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog