
Understanding the HTTP/2 Zero-Day vulnerability

e92plus
October 2023

by Neil Langridge

Starting on 25th August 2023, a series of huge, hyper-volumetric Distributed Denial of Service (DDoS) attacks began, culminating in the biggest attack ever recorded. With 1,100 assaults each generating over 10 million RPS (requests per second), this is a brand new scale. But what does this mean?

Here's some key information:

What is this attack?
This attack exploits a zero-day weakness in the HTTP/2 protocol, dubbed the "HTTP/2 Rapid Reset" attack (tracked as CVE-2023-44487). A client opens a request stream and cancels it immediately. The server has already started work on the request, but because the cancelled stream no longer counts towards the connection's concurrent-stream limit, the client can repeat this far faster than the server can keep up.

What is HTTP/2?
HTTP/2 is the 2015 revision of the HTTP protocol and is used by most modern websites and browsers. Its key change is multiplexing: many request streams share a single TCP connection, and the client can cancel any of them with a single RST_STREAM frame. That cancellation mechanism is the weakness the Rapid Reset attack abuses.

Why does it matter?
By automating the trivial "request, cancel, request, cancel" pattern at scale, threat actors can exhaust a server's resources and take down any server or application whose HTTP/2 implementation accepts unlimited stream resets, which, before the October 2023 patches, was essentially all of them. That covers a lot of the internet and of public web applications, from online shops to customer portals to standard websites.
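To make the "request, cancel" pattern concrete, here is an added, hypothetical example (not code from e92plus, Cloudflare, Google or AWS). The client side serialises real HTTP/2 frames for the attack pattern; the server side parses the 9-byte frame headers and keeps the stream accounting a server would. It shows why the standard SETTINGS_MAX_CONCURRENT_STREAMS limit stops a plain stream flood but not Rapid Reset, and how a simplified per-connection reset budget (the shape of the fix vendors shipped) closes the connection instead. Function names, the `max_concurrent` and `reset_budget` parameters, and the `example.com` host are assumptions for the demonstration; frame type, flag and error-code values follow RFC 9113.

```python
"""Frame-level model of HTTP/2 Rapid Reset and of the reset-budget fix.

Hypothetical example code, not from the e92plus article or from
Cloudflare/Google/AWS. The client side serialises real HTTP/2 frames for
the "request, cancel, request, cancel" pattern; the server side parses
the 9-byte frame headers and keeps the stream accounting a server would.
"""
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
HEADERS, RST_STREAM, SETTINGS = 0x1, 0x3, 0x4      # frame types (RFC 9113)
END_STREAM, END_HEADERS = 0x1, 0x4                 # HEADERS flags
CANCEL = 0x8                                       # RST_STREAM error code

# HPACK block built only from static-table entries: :method GET (index 2),
# :scheme https (7), :path / (4), and :authority (1) as a literal value.
HEADER_BLOCK = bytes([0x82, 0x87, 0x84, 0x01, 0x0B]) + b"example.com"


def frame(ftype, flags, stream_id, payload=b""):
    """Serialise one frame: 24-bit length, type, flags, 31-bit stream id."""
    return (struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload)


def client_stream(n_requests, reset=True):
    """Client bytes: preface, empty SETTINGS, then n requests.

    With reset=True each HEADERS frame is followed at once by RST_STREAM
    (the Rapid Reset pattern); with reset=False it is a plain stream flood.
    """
    out = [PREFACE, frame(SETTINGS, 0, 0)]
    for i in range(n_requests):
        sid = 2 * i + 1                          # client-initiated ids are odd
        out.append(frame(HEADERS, END_STREAM | END_HEADERS, sid, HEADER_BLOCK))
        if reset:
            out.append(frame(RST_STREAM, 0, sid, struct.pack(">I", CANCEL)))
    return b"".join(out)


def parse_frames(data):
    """Yield (type, flags, stream_id, payload) from a raw client byte stream."""
    if not data.startswith(PREFACE):
        raise ValueError("missing HTTP/2 connection preface")
    pos = len(PREFACE)
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        sid = struct.unpack(">I", data[pos + 5:pos + 9])[0] & 0x7FFFFFFF
        yield ftype, flags, sid, data[pos + 9:pos + 9 + length]
        pos += 9 + length


def serve(data, max_concurrent=100, reset_budget=None):
    """Replay client bytes through a server's stream accounting.

    max_concurrent models SETTINGS_MAX_CONCURRENT_STREAMS. reset_budget=None
    is the pre-fix behaviour; an integer is a simplified per-connection
    RST_STREAM limit of the kind patched servers enforce, closing the
    connection with GOAWAY(ENHANCE_YOUR_CALM) once a client cancels too often.
    """
    open_streams = set()
    stats = {"dispatched": 0, "refused": 0, "resets": 0,
             "peak_concurrent": 0, "closed_with": None}
    for ftype, flags, sid, _ in parse_frames(data):
        if ftype == HEADERS:
            if len(open_streams) >= max_concurrent:
                stats["refused"] += 1            # REFUSED_STREAM, no work done
                continue
            open_streams.add(sid)
            stats["peak_concurrent"] = max(stats["peak_concurrent"],
                                           len(open_streams))
            stats["dispatched"] += 1             # backend work starts here
        elif ftype == RST_STREAM:
            open_streams.discard(sid)            # slot is freed immediately...
            stats["resets"] += 1                 # ...but the work already began
            if reset_budget is not None and stats["resets"] > reset_budget:
                stats["closed_with"] = "ENHANCE_YOUR_CALM"
                break
    return stats


if __name__ == "__main__":
    print("plain flood: ", serve(client_stream(1000, reset=False)))
    print("rapid reset: ", serve(client_stream(1000)))
    print("with budget: ", serve(client_stream(1000), reset_budget=50))
```

Run as-is it prints three summaries: the plain flood stalls at 100 dispatched requests with 900 refused; the Rapid Reset stream dispatches all 1,000 requests while peak concurrency never rises above 1, so the concurrent-stream limit is never touched; with a reset budget of 50 the server closes the connection after the 51st cancel. Real servers differ in the detail (some count resets per time window, others cap in-flight handlers), but the accounting gap and the fix have this shape.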

Who is vulnerable?
Any organisation running a website that uses HTTP/2 (and that's most of them) may not be protected. If that web app is key to their business (e.g. used by customers to place orders), then they are vulnerable to having that site taken down by bad actors. Now that the disclosure has been responsibly released by Cloudflare, together with Google and Amazon Web Services (AWS), after working with software vendors to release patches, everyone knows, including criminals and malicious hackers. The first thing to check is whether every web server, load balancer and reverse proxy exposed to the internet has been updated to its vendor's patched release; where no patch is yet available, disabling HTTP/2 at the edge (falling back to HTTP/1.1) removes the exposure at some performance cost.

What can partners do?
Any VAR or MSP providing cybersecurity advice or services should speak to their customers immediately to understand their potential exposure. But it's complex, and so Cloudflare has created a series of essential resources with more information, starting with https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/.

Next steps
This is a brand new type of attack, and speed of response is key. Join our 20 minute quick response webinar at 3pm 18th October, when we'll be joined by Saikrishna Chavali from Cloudflare with essential insights, and practical advice on how to support your customers now and in the future. 

Wednesday 3pm, 18th October
Register for the webinar at www.e92plus.com/http2