Rapid Reset (CVE-2023-44487) - DoS in HTTP/2 - Understanding the root cause

Rapid Reset (CVE-2023-44487) - DoS in HTTP/2 - Understanding the root cause

CVEs

7.5 High Severity

Screenshots from the blog posts

images/cluabvnqojfjg1hmvhe9jagsr.pngimages/cluabvnqojfjg1hmvhe9jagsr.png

Summary

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. This post is meant to be a one-stop guide for you to learn all about this vulnerability and perform the hands-on exploit to see everything in action. Lastly, we conclude with understanding the patch for this issue for the Apache server implementation.

Description

@secatgourity

185 posts

Total vcoins

121.1K

Social media links

Comments (0)