📛 HTTP2 Rapid Reset Attack: CVE-2023-44487

OMG WHAT IS THIS HIGH CVE ON MY SERVER?


The HTTP/2 Rapid Reset Attack exploits a weakness in how servers handle RST_STREAM frames in the HTTP/2 protocol. A client can open a stream and cancel it immediately with RST_STREAM; the server has already spent the work of setting the stream up, while the cancelled stream no longer counts against the connection's concurrent-stream limit. By sending a large number of these request-and-reset pairs rapidly, an attacker can overwhelm a server, leading to a denial-of-service (DoS) condition.


Diagnosing Vulnerability

To check whether a server speaks HTTP/2, you can use the following curl command (your curl binary must itself be built with HTTP/2 support, listed as HTTP2 under Features in the output of curl -V; otherwise it reports 1.1 no matter what the server offers):

curl -sI https://example.com -o /dev/null -w '%{http_version}\n'

If the output is 2, the server is serving HTTP/2 and may be vulnerable.


There are very few servers running HTTP/2. So even if a vulnerability scanner flags this CVE, don't panic: first check whether your server is actually affected, using the curl command above or by reviewing your server configuration.

If the command returns 1.1 or 1, your server is not vulnerable. If it returns 2, then you need to consider mitigation measures for HTTP/2.
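The RST_STREAM flood described at the top, and the kind of mitigation the previous paragraph points to, as an added example that is not part of the original post: a per-connection reset-rate guard in Python, the shape of check that HTTP/2 servers put into their stream handling for this CVE. The class and function names, the limit of 100 resets per second and both frame traces are constructed assumptions for illustration.

```python
from collections import deque

class ResetGuard:
    """Sliding-window counter of RST_STREAM frames on one HTTP/2 connection.
    Assumed limits (not from the page): more than max_resets resets within
    window_seconds is treated as a Rapid Reset flood and the connection is closed."""

    def __init__(self, max_resets=100, window_seconds=1.0):
        self.max_resets = max_resets
        self.window_seconds = window_seconds
        self._resets = deque()  # timestamps of recent RST_STREAM frames

    def on_frame(self, frame_type, now):
        """Feed one inbound frame; return True when the connection should be closed."""
        if frame_type != "RST_STREAM":
            return False
        self._resets.append(now)
        cutoff = now - self.window_seconds
        while self._resets and self._resets[0] < cutoff:  # expire stale resets
            self._resets.popleft()
        return len(self._resets) > self.max_resets

def replay(frames, **limits):
    """Run a (timestamp, frame_type) trace through a fresh guard; return the
    index of the frame that tripped it, or None if the trace is tolerated."""
    guard = ResetGuard(**limits)
    for i, (ts, ftype) in enumerate(frames):
        if guard.on_frame(ftype, ts):
            return i
    return None

def browser_trace():
    """Constructed benign trace: 40 requests over 8 s, every 8th one cancelled."""
    frames = []
    for n in range(40):
        ts = n * 0.2
        frames.append((ts, "HEADERS"))
        frames.append((ts + 0.05, "RST_STREAM" if n % 8 == 0 else "DATA"))
    return frames

def rapid_reset_trace():
    """Constructed attack trace: 5000 HEADERS, each reset immediately, inside 1 s."""
    frames = []
    for n in range(5000):
        frames.append((n / 5000, "HEADERS"))
        frames.append((n / 5000, "RST_STREAM"))
    return frames
```

replay(browser_trace()) returns None (a few cancellations per second are normal), while replay(rapid_reset_trace()) returns 201, the 101st reset, which is where a server with such a guard would tear the connection down instead of keeping up with the flood.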
