HTTP/2 Rapid Reset Attack

Released: Oct 12, 2023

Updated: Oct 19, 2023


High Severity

Vulnerability, Attack Type


Zero-Day DDoS vulnerability exploited in the wild

A newly identified Distributed Denial-of-Service (DDoS) attack technique is being used in the wild. This DDoS attack, known as ‘HTTP/2 Rapid Reset’, leverages a flaw in implementations of the HTTP/2 protocol.

Common Vulnerabilities and Exposures

CVE-2023-44487

Background

HTTP/2 is a connection-oriented application-layer protocol that runs over a TCP connection. HTTP/2 enables more efficient use of network resources and reduced latency by introducing field compression and allowing multiple concurrent exchanges on the same connection. The attack sends a set number of HTTP requests to generate a high volume of traffic on the targeted HTTP/2 servers. Attackers can cause a significant increase in requests per second and high CPU utilization on the servers, which can eventually lead to resource exhaustion and denial of service.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


Oct 10, 2023: According to a Google blog post, the largest attack reached up to 398 million requests per second.
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack

Oct 10, 2023: CISA released an advisory for this DDoS attack.
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487

Oct 11, 2023: FortiGuard released a Threat Signal on the vulnerability (CVE-2023-44487).
https://www.fortiguard.com/threat-signal-report/5286/http-2-rapid-reset-attack


Oct 12, 2023: FortiGuard has released an IPS signature to detect and block attacks targeting the denial-of-service vulnerability in the HTTP/2 protocol (CVE-2023-44487).

FortiGuard recommends using an application-layer protection service such as a Web Application Firewall (WAF) to protect web applications against network attacks. It also recommends using an Application Delivery service for load balancing and for generally improving security posture.
https://www.fortinet.com/products/web-application-firewall/fortiweb
https://www.fortinet.com/products/application-delivery-controller/fortiadc

Additionally, FortiWeb customers should use HTTP Protocol Constraints to define or reduce the maximum number of requests per client. See the instructions in this article:
https://community.fortinet.com/t5/FortiWeb/Technical-Tip-How-to-Enable-HTTP-2-Max-Requests-in-HTTP-Protocol/ta-p/278958
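
The per-client request cap recommended above, sketched as an added example (not FortiWeb's or Fortinet's code): it walks a constructed log of client-sent HTTP/2 frames and marks a connection for closure once it exceeds a request cap or cancels most of the streams it opens. The event format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict

def sample_events():
    """Constructed sample: (time_s, connection_id, frame_type, stream_id)."""
    events = []
    # Connection "A": ordinary client, 5 requests, none cancelled.
    for i in range(5):
        events.append((i * 0.5, "A", "HEADERS", 2 * i + 1))
    # Connection "B": 200 requests in about one second, each opened with
    # HEADERS and cancelled right away with RST_STREAM (the rapid-reset pattern).
    for i in range(200):
        sid = 2 * i + 1
        events.append((0.005 * i, "B", "HEADERS", sid))
        events.append((0.005 * i + 0.001, "B", "RST_STREAM", sid))
    return sorted(events)

def evaluate(events, max_requests=100, max_reset_ratio=0.5, min_requests=20):
    """Return {connection_id: reason} for connections that should be closed.

    max_requests    -- hypothetical cap on requests per client connection
    max_reset_ratio -- share of opened streams the client may cancel itself
    min_requests    -- do not judge the ratio before this many requests
    """
    opened = defaultdict(set)   # stream ids opened per connection
    reset = defaultdict(set)    # stream ids cancelled by the client
    verdicts = {}
    for _, conn, frame_type, stream_id in events:
        if conn in verdicts:
            continue            # already closed: ignore later frames
        if frame_type == "HEADERS":
            opened[conn].add(stream_id)
        elif frame_type == "RST_STREAM" and stream_id in opened[conn]:
            reset[conn].add(stream_id)
        n = len(opened[conn])
        if n > max_requests:
            verdicts[conn] = "max_requests"
        elif n >= min_requests and len(reset[conn]) / n > max_reset_ratio:
            verdicts[conn] = "reset_ratio"
    return verdicts

if __name__ == "__main__":
    for conn, reason in evaluate(sample_events()).items():
        print(f"close connection {conn}: {reason}")
```

The reset-ratio check closes connection "B" after 20 requests, well before the plain request cap would have been reached.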

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Vulnerability

  • IPS

  • Web App Security

DETECT
  • Outbreak Detection

  • Threat Hunting

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

  • Business Reputation

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

