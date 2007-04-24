24/04/07/1632259 story
posted by Fnord666 on Monday April 08, @08:45PM
https://nowotarski.info/http2-continuation-flood-technical-details/
tl;dr: Deep technical analysis of the CONTINUATION Flood: a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. Remarkably, requests that constitute an attack are not visible in HTTP access logs. A simplified security advisory and list of affected projects can be found in: HTTP/2 CONTINUATION Flood.
This discussion was created by Fnord666 (652) for logged-in users only. Log in and try again!
HTTP/2 CONTINUATION Flood: Technical Details | Log In/Create an Account | Top | Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.