Blog | G5 Cyber Security

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

Vulnerabilities found in HTTP/2, the latest version of the HTTP network protocol, have been found. Seven of eight high-severity, seven discovered by Netflix and one by Google, exist due to resource exhaustion when handling malicious input, allowing a client to overload server’s queue management code. The vulnerabilities can be exploited to launch Denial of Service (DoS) attacks against millions of online services and websites that are running on a vulnerable implementation of the protocol. Affected vendors include NGINX H2O, Nghttp2, Microsoft (IIS), Cloudflare Akamai, Apple (SwiftNIO), Amazon, Amazon, Facebook (Proxygen), Facebook (proxygen), Node.js, and Envoy proxy.

Source: https://thehackernews.com/2019/08/http2-dos-vulnerability.html

Exit mobile version