Record DDoS attacks: fixes quickly released
HTTP/2 vulnerability exploited by large-scale DDoS attacks: here are the solutions
Web server vendors have addressed the Rapid Reset vulnerability in the HTTP/2 protocol that enabled the DDoS attacks. Fixes have been released for many affected products. The large DDoS attacks, which exploited a zero-day vulnerability in the HTTP/2 protocol called HTTP/2 Rapid Reset, have been mitigated.
Vendors Rush to Fix Rapid Reset Vulnerability
Web server vendors have worked quickly to respond to a vulnerability in the HTTP/2 protocol detected by Google, which has enabled the high-capacity DDoS attacks observed since August 2023. The vulnerability, identified as CVE-2023-44487, is based on HTTP/2's ability to support multiple streams in a single TCP session and is exploited in what Google has called a "Rapid Reset" attack.
The Rapid Reset attack in detail
Essentially, the attacker's client opens a large number of streams per TCP session to the server and immediately cancels them, causing resource exhaustion on the server. "The ability to immediately cancel flows allows each connection to have an infinite number of requests in progress. By explicitly canceling requests, the attacker never exceeds the limit on the number of flows open at the same time," Google's technical post states.
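The accounting gap described above, shown from the server's side as an added example that is not code from this article, from Google's post or from any vendor fix. It replays a constructed frame trace against a simplified per-connection model: with only a concurrency limit, every request is accepted; with a budget on client cancels, the connection is closed early. ConnectionGuard, cancel_trace, replay and the budget and window values are hypothetical names and assumed numbers.

```python
from dataclasses import dataclass, field

HEADERS, RST_STREAM = "HEADERS", "RST_STREAM"  # HTTP/2 frame types used here

@dataclass
class ConnectionGuard:
    """Simplified server-side accounting for one HTTP/2 connection."""
    max_concurrent: int = 100   # models SETTINGS_MAX_CONCURRENT_STREAMS
    max_resets: int = 50        # assumed budget of client cancels per window
    window: float = 1.0         # assumed window length in seconds
    open_streams: set = field(default_factory=set)
    reset_times: list = field(default_factory=list)
    total_requests: int = 0     # every accepted request costs server work
    peak_open: int = 0
    closed: bool = False

    def on_frame(self, ts, kind, stream_id):
        if self.closed:
            return "DROPPED"
        if kind == HEADERS:
            if len(self.open_streams) >= self.max_concurrent:
                return "REFUSED_STREAM"
            self.open_streams.add(stream_id)
            self.total_requests += 1
            self.peak_open = max(self.peak_open, len(self.open_streams))
        elif kind == RST_STREAM and stream_id in self.open_streams:
            self.open_streams.discard(stream_id)  # slot is free again at once
            recent = [t for t in self.reset_times if ts - t < self.window]
            self.reset_times = recent + [ts]
            if len(self.reset_times) > self.max_resets:
                self.closed = True                # answer with GOAWAY, drop the rest
                return "GOAWAY"
        return "OK"

def cancel_trace(n, step=0.001):
    """Constructed frame trace: each stream is opened and cancelled at once."""
    for i in range(n):
        sid = 2 * i + 1                           # client stream ids are odd
        yield (i * step, HEADERS, sid)
        yield (i * step, RST_STREAM, sid)

def replay(guard, trace):
    """Feed a trace to the guard and return the per-frame verdicts."""
    return [guard.on_frame(*frame) for frame in trace]

if __name__ == "__main__":
    for budget in (10**9, 50):                    # concurrency limit only, then reset budget
        g = ConnectionGuard(max_resets=budget)
        replay(g, cancel_trace(1000))
        print(budget, g.total_requests, g.peak_open, g.closed)
```

In the first run the concurrency limit of 100 is never approached, because only one stream is open at any moment, which is why that limit alone does not bound the work per connection.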
Industry response
Fixes have already been released for a large number of affected products (a complete list is available in the vulnerability's CVE entry). Among the products already fixed are Eclipse's Jetty project, Swift, the NGHTTP2 library, Alibaba's Tengine, Apache Tomcat, some F5 Big-IP products, Bugzilla's Proxmox, FreeBSD, Golang, Facebook's Proxygen, and many others.
Record DDoS attacks and mitigation
Cloudflare, Google, Microsoft and Amazon say they successfully mitigated the largest DDoS attacks ever recorded in August and September, which exploited a zero-day vulnerability in the HTTP/2 protocol called "HTTP/2 Rapid Reset." The attacks abused HTTP/2's ability to make simultaneous requests to a website over a single connection, immediately sending and canceling "hundreds of thousands" of requests to websites. The attacks overloaded the servers and rendered them inoperable. Google saw the highest traffic spike, with over 398 million requests per second, while Cloudflare and Amazon recorded 201 million and 155 million requests per second, respectively. Microsoft has not disclosed its data. DDoS attacks are common and can cause serious problems, as has been the case with Outlook, AO3, and other major online services.
10/11/2023 11:12
Editorial AI