HTTP/2 Rapid Reset DDoS Vulnerability Affects Virtually Any Website

Server software companies race to patch a severe DDoS vulnerability that potentially affects virtually every website

Brought to you by Trickyenough

Details have been released of a new form of DDoS that requires relatively minimal resources to launch an attack of unprecedented scale. That makes it a clear danger for websites as server software companies race to release patches to protect against it.

HTTP/2 Rapid Reset Exploit

The vulnerability takes advantage of the HTTP/2 and HTTP/3 network protocols, which allow multiple streams of data to flow between a server and a browser.

This means that the browser can request multiple resources from a server and get them all returned, rather than having to wait for each resource to download one at a time.

The exploit that was publicly announced by Cloudflare, Amazon Web Services (AWS) and Google is called HTTP/2 Rapid Reset.

The vast majority of modern web servers use the HTTP/2 network protocol. Because there is currently no software patch to fix the HTTP/2 security hole, virtually every server is vulnerable.

An exploit that is new and has no available mitigation is called a zero-day exploit.
