Categories: US-Cert-Repository

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023.

CISA recommends organizations that provide HTTP/2 services apply patches when available and consider configuration changes and other mitigations discussed in the references below. For more information on Rapid Reset, see:

Cloudflare: HTTP/2 Rapid Reset: deconstructing the record-breaking attack
Google: How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack
AWS: CVE-2023-44487 – HTTP/2 Rapid Reset Attack
NGINX: HTTP/2 Rapid Reset Attack Impacting NGINX Products
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Organizations can take proactive steps to reduce the effects of DoS attacks. See the following guidance for more information:

CISA: Understanding and Responding to Distributed Denial-of-Service Attacks
CISA: Additional DDoS Guidance for Federal Agencies

Source link

admin

Next CISA Adds One Known Exploited Vulnerability to Catalog »

Previous « Fortinet Releases Security Updates for Multiple Products

This website uses cookies.

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Recent Posts

CISA Releases Four Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Releases Thirty-Two Industrial Control Systems Advisories

CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators