Exploiting HTTP/2 CONTINUATION frames for DoS attacks
DEV Community dev.to
About the vulnerability
The vulnerability lies in the way HTTP/2 implementations handle CONTINUATION frames, which are used to transmit header blocks larger than the maximum frame size. Attackers exploit this weakness by sending an excessive number of CONTINUATION frames within a single HTTP/2 stream. This flood of frames overwhelms the server's capacity to process them efficiently.
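A server-side guard against the flood described above, as an added example that is not code from the original article or from any HTTP/2 implementation: it walks raw frames and caps both the number of CONTINUATION frames and the accumulated bytes per header block. The limit values, function names and sample byte strings are assumptions constructed for illustration, and the input is assumed to start at a frame boundary after the connection preface.

```python
# Frame type and flag values from RFC 9113.
HEADERS, CONTINUATION, END_HEADERS = 0x1, 0x9, 0x4
# Assumed limits for this example; tune them to the deployment.
MAX_HEADER_BLOCK_BYTES, MAX_CONTINUATION_FRAMES = 16 * 1024, 8

def frame(ftype, flags, stream_id, payload=b""):
    """Build one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + stream_id.to_bytes(4, "big") + payload)

def parse_frames(data):
    """Yield (type, flags, stream_id, payload_length) for each complete frame."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        if pos + 9 + length > len(data):
            break  # incomplete frame: wait for more bytes
        yield ftype, flags, stream_id, length
        pos += 9 + length

def check_header_blocks(data):
    """Return 'ok', or the reason the connection should be closed."""
    open_stream, block_bytes, cont_frames = None, 0, 0
    for ftype, flags, stream_id, length in parse_frames(data):
        # While a header block is open, only CONTINUATION on that stream is legal.
        if open_stream is not None and (ftype != CONTINUATION or stream_id != open_stream):
            return "protocol error: header block interrupted"
        if ftype == HEADERS:
            # Payload length is used as an upper bound on the block fragment.
            open_stream, block_bytes, cont_frames = stream_id, length, 0
        elif ftype == CONTINUATION:
            if open_stream is None:
                return "protocol error: unexpected CONTINUATION"
            cont_frames += 1  # counted even when the payload is empty
            block_bytes += length
        else:
            continue
        if cont_frames > MAX_CONTINUATION_FRAMES:
            return "limit: too many CONTINUATION frames"
        if block_bytes > MAX_HEADER_BLOCK_BYTES:
            return "limit: header block too large"
        if flags & END_HEADERS:
            open_stream = None  # header block complete
    return "ok"

# Constructed samples: a header block split over three frames, and a block that never ends.
NORMAL = (frame(HEADERS, 0, 1, b"h" * 100) + frame(CONTINUATION, 0, 1, b"h" * 100)
          + frame(CONTINUATION, END_HEADERS, 1, b"h" * 100))
FLOOD = frame(HEADERS, 0, 1, b"h") + frame(CONTINUATION, 0, 1, b"h") * 100
```

The check returns as soon as a limit is crossed, so the cost of a never-ending header block is bounded by the limits rather than by how many frames the peer sends.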
The severity of this vulnerability was highlighted by Bartek Nowotarski, who noted that it poses a more significant threat compared to previous incidents, such …