Intrusion PreventionHTTP2.RST_STREAM.Rapid.Reset.DoS
Description
This indicates an attack attempt to exploit a Denial of Service Vulnerability in HTTP/2 protocol.
The vulnerability is due to HTTP/2 request cancellation can reset many streams quickly. A remote, unauthenticated attacker can exploit this vulnerability by initiating a large number of request and reset to a vulnerable server. Successful exploitation results in the consumption of excessive amounts of memory, eventually leading to denial of service conditions.
Outbreak Alert
A newly identified Distributed Denial-of-Service (DDoS) attack technique is used in the wild. This DDoS attack, known as ‘HTTP/2 Rapid Reset’, leverages a flaw in the implementation of protocol HTTP/2.
Affected Products
Web servers that support HTTP/2 protocol
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-11-15 | 26.678 | Sig Added |
| 2023-11-07 | 26.672 | Default_action:pass:drop |
| 2023-10-24 | 25.663 | Modified |
| 2023-10-23 | 25.662 | Sig Added |
| 2023-10-12 | 25.655 |
| ID | 54090 |
| Created | Oct 11, 2023 |
| Updated | Nov 15, 2023 |
| Outbreak Alert | HTTP2 Rapid Reset Attack |
| Threat Signal | View Report |
| Risk |
|
| CVE ID | CVE-2023-44487 |
| Known Exploited | Yes |
| Exploit Prediction Score | 72.01% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Other |