HTTP/2 Rapid Reset Attack Vulnerability
Overdue
IETF / HTTP/2
CWE-400
Description
HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
References
- This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Additional Information
- Catalog Version
- 2025.01.24
- Catalog Released
- Jan. 24, 2025
- Days Until Due
- 0 days
- Last Updated
- 6 months ago