New HTTP/2 'CONTINUATION Flood' Vulnerability Threatens Server Stability

April 5, 2024
New HTTP/2 'CONTINUATION Flood' Vulnerability Threatens Server Stability
Tech
Tech
Cybersecurity
Cybersecurity

  • A new vulnerability in HTTP/2, dubbed 'CONTINUATION Flood', enables DOS attacks via a single TCP connection.

  • The vulnerability involves sending lengthy HTTP/2 CONTINUATION frames to overwhelm and crash server CPUs.

  • Effects of the vulnerability vary, including DoS attacks, memory leaks, and excessive memory consumption.

  • Imperva's Cloud WAF already has defenses against this attack, with additional measures being implemented.

  • CERT/CC notes challenges in detecting the attacks, necessitating raw HTTP traffic analysis for identification.

  • Organizations are urged to address and mitigate the CONTINUATION Flood vulnerability to maintain online security.

Summary based on 3 sources

Get a daily email with more Tech stories

Sources

This hugely dangerous new DoS attack could crash web servers with just a single connection

TechRadar pro • Apr 5, 2024

This hugely dangerous new DoS attack could crash web servers with just a single connection
HTTP/2 CONTINUATION Flood Vulnerability

Security Boulevard • Apr 5, 2024

HTTP/2 CONTINUATION Flood Vulnerability
HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

Security Affairs • Apr 5, 2024

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

More Stories