HTTP/2 Rapid Reset Attack (CVE-2023-44487)

Description

What is HTTP/2?
HTTP/2 is a network protocol used by the World Wide Web that reduces latency by allowing multiple concurrent exchanges on the same connection.
What is the Attack?
A newly identified Distributed Denial-of-Service (DDoS) attack technique is being used in the wild. This DDoS attack, known as 'HTTP/2 Rapid Reset', leverages a flaw in the implementation of the HTTP/2 protocol.
This HTTP/2 vulnerability allows malicious actors to launch a DDoS attack targeting HTTP/2 servers. The attack sends a set number of HTTP requests to generate a high volume of traffic on the targeted HTTP/2 servers. Attackers can cause a significant increase in requests per second and high CPU utilization on the servers, which can eventually lead to resource exhaustion.
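Rapid Reset traffic shows up on a connection as streams that the client opens with HEADERS and cancels almost immediately with RST_STREAM. The following detection sketch is an added example, not part of the FortiGuard advisory; the log format, thresholds and function names are assumptions made for illustration, and the sample log is constructed.

```python
from collections import defaultdict

def constructed_sample():
    """Constructed frame log: '<epoch_s> <conn_id> recv <frame_type> <stream_id>'."""
    lines = []
    for i in range(8):   # conn-A: every stream cancelled 1 ms after it is opened
        sid, t = 2 * i + 1, 100 + i * 0.002
        lines.append(f"{t:.3f} conn-A recv HEADERS {sid}")
        lines.append(f"{t + 0.001:.3f} conn-A recv RST_STREAM {sid}")
    for i in range(6):   # conn-B: ordinary client, requests left to complete
        lines.append(f"{100 + i * 0.5:.3f} conn-B recv HEADERS {2 * i + 1}")
    lines.append("103.200 conn-B recv RST_STREAM 11")   # one late cancel
    lines.append("truncated line")                       # malformed, skipped
    return "\n".join(lines)

def flag_rapid_reset(log_text, max_lifetime=0.05, min_streams=5, ratio=0.8):
    """Return connection ids where at least `ratio` of the client-opened
    streams were reset by the client within `max_lifetime` seconds.
    Thresholds are illustrative assumptions and need tuning per service."""
    opened = {}                      # (conn, stream) -> time HEADERS was received
    totals = defaultdict(int)        # conn -> streams opened by the client
    fast_resets = defaultdict(int)   # conn -> streams cancelled almost at once
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "recv":
            continue                 # ignore malformed lines and server-sent frames
        try:
            ts, sid = float(parts[0]), int(parts[4])
        except ValueError:
            continue
        key = (parts[1], sid)
        if parts[3] == "HEADERS" and key not in opened:
            opened[key] = ts
            totals[key[0]] += 1
        elif parts[3] == "RST_STREAM" and key in opened:
            if ts - opened.pop(key) <= max_lifetime:
                fast_resets[key[0]] += 1
    return sorted(conn for conn, n in totals.items()
                  if n >= min_streams and fast_resets[conn] / n >= ratio)

if __name__ == "__main__":
    print(flag_rapid_reset(constructed_sample()))
```

Connections returned by the function are candidates for rate limiting or closure; the thresholds should be calibrated against normal client behaviour for the service in question.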
Why is this Significant?
According to a Google blog post on Oct 10, 2023, the largest attack reached up to 398 million requests per second. CISA also released an advisory for this DDoS attack on the same day.
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
What is the Vendor Solution?
Operators of web services deployed with HTTP/2 should check for available patches and other mitigations.
What FortiGuard Coverage is available?
FortiGuard recommends using an application layer protection service such as a Web Application Firewall (WAF) to protect web applications against network attacks. FortiGuard also recommends using an Application Delivery service for load balancing and for generally improving security posture.
FortiGuard also recommends restricting Internet access to specific sources as needed and applicable.
https://www.fortinet.com/products/web-application-firewall/fortiweb
https://www.fortinet.com/products/application-delivery-controller/fortiadc
