"Dangerous Vulnerability Can Be Exploited to Carry Out Massive DDoS Attacks"

Cloudflare, Google, and Amazon AWS have disclosed that a zero-day vulnerability called HTTP/2 Rapid Reset in the HTTP/2 protocol has been exploited to launch massive, high-volume Distributed Denial-of-Service (DDoS) attacks. Cloudflare discovered the zero-day vulnerability developed by an unknown threat actor in August 2023. The vulnerability exploits the standard HTTP/2 protocol, a crucial component of the Internet and most websites. This new attack works by making hundreds of thousands of "requests" that are then promptly canceled. By automating the scale of this "request, cancel, request, cancel" pattern, threat actors can overwhelm websites and render inoperable anything that uses HTTP/2. "Rapid Reset" provides threat actors with a method of attacking victims across the Internet that is more effective than anything the Internet has ever seen. This article continues to discuss the HTTP/2 Rapid Reset vulnerability.

Help Net Security reports "Dangerous Vulnerability Can Be Exploited to Carry Out Massive DDoS Attacks"

Submitted by grigby1