Walkthrough of the newly discovered HTTP/2 DoS Rapid Reset Vulnerability
Take action: Check whether your internet-exposed web servers and web applications have new versions available that patch the Rapid Reset vulnerability. Also check with your cloud provider whether they have implemented fixes for Rapid Reset. As a last resort, temporarily disable the HTTP/2 protocol and keep monitoring.
Learn More
Cloudflare, in collaboration with Google and Amazon AWS, recently disclosed a new zero-day vulnerability known as the "HTTP/2 Rapid Reset" attack.
This flaw is tracked as CVE-2023-44487 and capitalizes on the HTTP/2 protocol, enabling attackers to orchestrate massive DDoS attacks. Cloudflare mitigated an attack three times larger than any they had seen before, peaking at 201 million requests per second. Over the past month, Cloudflare also countered more than 1,100 other significant attacks.
The attack primarily exploits the HTTP/2 protocol's stream cancellation feature: attackers automate the sequence of sending a request and then immediately cancelling it, and use this to disrupt servers or applications that implement standard HTTP/2.
The massive attack that drew attention to this vulnerability was executed using a modestly sized botnet, which highlights the vulnerability's severity. Cloudflare and other cloud providers have been proactive in addressing the issue, developing new mitigation technology and initiating a responsible disclosure process. They have liaised with industry peers and notified the relevant authorities.
The proper control is to update web servers and operating systems, and to consider adding a secondary DDoS protection provider. Until patches and other defensive tooling are in place in the infrastructure, a mitigating measure is to temporarily disable HTTP/2 and HTTP/3, though that may cause performance degradation.
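The following is an added Python example, not code from this page, from Cloudflare, Google or AWS, or from any web server project. It shows how a server-side rate limit on client cancellations can separate the pattern described above (a stream opened and immediately reset, hundreds of times on one connection) from ordinary browser traffic, which is the kind of per-connection mitigation that patched servers and proxies apply instead of disabling HTTP/2 outright. The frame-event log, the connection names and the thresholds (`window_s`, `max_resets`, `min_ratio`) are constructed assumptions for the illustration, not values taken from the advisory.

```python
"""Per-connection HTTP/2 reset-rate detector (added illustration, not from the page)."""
from collections import defaultdict, deque

HEADERS = "HEADERS"        # client opens a stream (sends a request)
RST_STREAM = "RST_STREAM"  # client cancels that stream


def build_sample_frames():
    """Constructed frame-event log: (timestamp_s, connection_id, frame_type, stream_id).

    "conn-benign" behaves like a normal browser: a few requests, one cancellation.
    "conn-flood" opens and immediately resets hundreds of streams within a fraction
    of a second, which is the open-then-cancel pattern the text describes.
    """
    frames = []
    # benign: 6 requests spread over 3 seconds, one of them cancelled
    for i in range(6):
        frames.append((i * 0.5, "conn-benign", HEADERS, 2 * i + 1))
    frames.append((1.2, "conn-benign", RST_STREAM, 3))
    # flood: 300 open/cancel pairs in 0.3 s (client-initiated stream IDs are odd)
    for i in range(300):
        ts = 5.0 + i * 0.001
        sid = 2 * i + 1
        frames.append((ts, "conn-flood", HEADERS, sid))
        frames.append((ts + 0.0002, "conn-flood", RST_STREAM, sid))
    frames.sort(key=lambda f: f[0])
    return frames


class RapidResetDetector:
    """Flags a connection whose client-initiated resets exceed a rate threshold.

    Assumed policy (not the page's or any vendor's exact numbers): more than
    `max_resets` RST_STREAM frames inside a sliding `window_s` window, where at
    least `min_ratio` of the streams opened in that window were reset by the
    client, marks the connection abusive. A server would then send GOAWAY and
    close it rather than keep allocating work for streams it never answers.
    """

    def __init__(self, window_s=1.0, max_resets=100, min_ratio=0.5):
        self.window_s = window_s
        self.max_resets = max_resets
        self.min_ratio = min_ratio
        self._opens = defaultdict(deque)       # conn_id -> timestamps of HEADERS
        self._resets = defaultdict(deque)      # conn_id -> timestamps of RST_STREAM
        self._open_streams = defaultdict(set)  # conn_id -> stream ids not yet reset
        self.flagged = {}                      # conn_id -> timestamp first flagged

    def _prune(self, dq, now):
        # Drop timestamps that fell out of the sliding window.
        while dq and now - dq[0] > self.window_s:
            dq.popleft()

    def observe(self, ts, conn_id, frame_type, stream_id):
        """Feed one frame event; return True if this connection is (now) flagged."""
        if frame_type == HEADERS:
            self._opens[conn_id].append(ts)
            self._open_streams[conn_id].add(stream_id)
        elif frame_type == RST_STREAM:
            # Count only resets of streams the client opened and has not already reset,
            # so duplicate or bogus RST_STREAM frames cannot inflate the counter.
            if stream_id in self._open_streams[conn_id]:
                self._open_streams[conn_id].discard(stream_id)
                self._resets[conn_id].append(ts)
        else:
            return conn_id in self.flagged

        opens, resets = self._opens[conn_id], self._resets[conn_id]
        self._prune(opens, ts)
        self._prune(resets, ts)
        if (len(resets) > self.max_resets
                and len(resets) >= self.min_ratio * max(len(opens), 1)):
            self.flagged.setdefault(conn_id, ts)
        return conn_id in self.flagged


def scan(frames, detector=None):
    """Run every frame through the detector; return {conn_id: first_flag_timestamp}."""
    detector = detector or RapidResetDetector()
    for ts, conn_id, frame_type, stream_id in frames:
        detector.observe(ts, conn_id, frame_type, stream_id)
    return dict(detector.flagged)


if __name__ == "__main__":
    for conn_id, ts in scan(build_sample_frames()).items():
        print(f"{conn_id}: flagged at t={ts:.3f}s (candidate for GOAWAY / connection close)")
```

The detector keys on the ratio as well as the absolute count so that a busy but legitimate connection (many requests, few cancellations) is not penalised, while the flood connection is flagged after roughly a hundred resets, well before the server has spent effort on the remaining streams. In production the same logic sits inside the HTTP/2 implementation, where the response is to close the connection; applying it in an out-of-band log analyser, as here, is only useful for detection and alerting.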