📛HTTP2 Rapid Reset Attack: CVE-2023-44487

OMG WHAT IS THIS HIGH CVE ON MY SERVER ?

The HTTP/2 Rapid Reset Attack exploits a weakness in the handling of RST_STREAM frames within the HTTP/2 protocol. By sending a large number of these frames rapidly, an attacker can overwhelm a server, leading to a denial-of-service (DoS) condition.

Diagnosing Vulnerability

To check if a server uses HTTP/2, you can use the following curl command:

curl -sl https://example.com -o/dev/null -w '%{http_version}\n'

If the output is 2, the server may be vulnerable.

There are very few servers running HTTP/2. So, even if a vulnerability scanner flags this CVE, don't panic. First, check if your server is actually affected by using the curl command or by reviewing your server configuration.

If the command returns 1.1 or 1, your server is not vulnerable. If it returns 2, then you need to consider mitigation measures for HTTP/2.

More resources for you 🎉

PreviousSetting Up a Honeypot 🍯 with Cowrie NextPHP CGI Argument Injection - CVE-2024-4577

Last updated 8 months ago