New HTTP/2 'CONTINUATION Flood' Vulnerability Threatens Server Stability

April 6, 2024
New HTTP/2 'CONTINUATION Flood' Vulnerability Threatens Server Stability
  • A new vulnerability in HTTP/2, dubbed 'CONTINUATION Flood', enables DOS attacks via a single TCP connection.

  • The vulnerability involves sending lengthy HTTP/2 CONTINUATION frames to overwhelm and crash server CPUs.

  • Effects of the vulnerability vary, including DoS attacks, memory leaks, and excessive memory consumption.

  • Imperva's Cloud WAF already has defenses against this attack, with additional measures being implemented.

  • CERT/CC notes challenges in detecting the attacks, necessitating raw HTTP traffic analysis for identification.

  • Organizations are urged to address and mitigate the CONTINUATION Flood vulnerability to maintain online security.

Summary based on 3 sources


Get a daily email with more Tech stories

Related Stories