Cybersecurity researchers have recently discovered a new vulnerability in the HTTP/2 protocol, which allows threat actors to mount denial of service (DoS) attacks and even crash servers with a single TCP connection.
The vulnerability relates to the use of HTTP/2 CONTINUATION frames, which is why the researcher who found it, Barket Nowotarski, dubbed it “CONTINUATION Flood”.
As explained by BleepingComputer, HTTP/2 is the updated version of the HTTP protocol, standardized in 2015. Its goal was to improve web performance by introducing binary framing for efficient data transmission, multiplexing which allowed multiple requests and responses over a single connection, and header compression which reduced overhead.
Multiple CVEs
With HTTP/2 messages, header and trailer sections are…
Source link