HTTP2.RST_STREAM.Rapid.Reset.DoS
Description
This indicates an attack attempt to exploit a Denial of Service Vulnerability in HTTP/2 protocol.
The vulnerability is due to HTTP/2 request cancellation can reset many streams quickly. A remote, unauthenticated attacker can exploit this vulnerability by initiating a large number of request and reset to a vulnerable server. Successful exploitation results in the consumption of excessive amounts of memory, eventually leading to denial of service conditions.
Outbreak Alert
A newly identified Distributed Denial-of-Service (DDoS) attack technique is used in the wild. This DDoS attack, known as ‘HTTP/2 Rapid Reset’, leverages a flaw in the implementation of protocol HTTP/2.
Affected Products
Web servers that support HTTP/2 protocol
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2023-11-15 | 26.678 | Sig Added |
2023-11-07 | 26.672 | Default_action:pass:drop |
2023-10-24 | 25.663 | Modified |
2023-10-23 | 25.662 | Sig Added |
2023-10-12 | 25.655 |