Skip to content Skip to footer

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks.

The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024.

Overview of the

As highlighted by Bartek Nowotarski, the lies in the improper limitation or sanitization of the CONTINUATION frame in many HTTP/2 implementations. This oversight opens the door to that can overwhelm servers, disrupting their availability and performance.

Impact on Servers

servers using HTTP/2 are at risk of being targeted by attackers leveraging the HTTP/2 CONTINUATION Flood technique. This poses a serious threat to the stability and reliability of online services that rely on the HTTP/2 protocol for faster and more efficient communication between clients and servers.

Recommendations for Mitigation

To mitigate the risk of exploitation, organizations are advised to update their HTTP/2 implementations promptly with patches that address the . Additionally, implementing proper rate limiting and input validation measures can help prevent targeting the CONTINUATION frame.

Leave a comment

Newsletter Signup
Address

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

I don't like the idea that I’m not in control of my lifeNeo

Deitasoft © 2024. All Rights Reserved.