Categories: US-Cert-Repository

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023.

CISA recommends organizations that provide HTTP/2 services apply patches when available and consider configuration changes and other mitigations discussed in the references below. For more information on Rapid Reset, see:

Cloudflare: HTTP/2 Rapid Reset: deconstructing the record-breaking attack
Google: How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack
AWS: CVE-2023-44487 – HTTP/2 Rapid Reset Attack
NGINX: HTTP/2 Rapid Reset Attack Impacting NGINX Products
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Organizations can take proactive steps to reduce the effects of DoS attacks. See the following guidance for more information:

CISA: Understanding and Responding to Distributed Denial-of-Service Attacks
CISA: Additional DDoS Guidance for Federal Agencies

Source link

admin

Next CISA Adds One Known Exploited Vulnerability to Catalog »

Previous « Fortinet Releases Security Updates for Multiple Products

This website uses cookies.

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Recent Posts

MyDoom.B Virus

Multiple Vulnerabilities in Microsoft Internet Explorer

HTTP Parsing Vulnerabilities in Check Point Firewall-1

Multiple Vulnerabilities in Microsoft Windows

Vulnerability in Microsoft Outlook 2002

Multiple Vulnerabilities in OpenSSL