High Threat Security Alert (A23-10-16): Vulnerability in HTTP/2 protocol
16 October 2023
A vulnerability (CVE-2023-44487) was found in the HTTP/2 protocol. A remote attacker could send specially crafted requests to exploit the vulnerability and carry out distributed denial-of-service (DDoS) attacks known as “Rapid Reset”.
Reports indicate that a denial-of-service vulnerability (CVE-2023-44487) in the HTTP/2 protocol is being exploited to carry out distributed denial-of-service (DDoS) attacks known as “Rapid Reset”. System administrators are advised to take immediate action to patch affected systems or follow the recommendations provided by the product vendors to mitigate the elevated risk of cyber attacks.
Systems with the HTTP/2 protocol enabled
A successful attack could lead to denial of service on an affected system.
A non-exhaustive list of advisories published by product vendors is provided below. It is strongly recommended to consult product vendors to confirm whether the software products in use are affected and whether corresponding patches or mitigation measures are available. If so, system administrators should apply the patches when available or follow the recommendations provided by the product vendors to mitigate the risk.