May 14, 2024, 7 a.m.

FortiGuard Labs | FortiGuard Center - IR Advisories

HTTP CONTINUATION Flood can be used to launch a serious DoS attack that can crash the target server with just one attacking machine (or even one TCP connection to the target). It works by:

- initiating an HTTP stream against the target
- then sending headers and CONTINUATION frames with no END_HEADERS flag set, which creates a never-ending stream that could even cause an instant crash

This works because many HTTP/2 implementations do not properly limit or sanitize …
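A server-side check for the pattern described above, as an added example that is not part of the advisory or of any vendor's code: it walks HTTP/2 frames and rejects a header block that stays open past a byte or CONTINUATION-count budget. The limit values, the sample frames and the names check_header_blocks, frame and HeaderBlockLimitExceeded are assumptions chosen for illustration.

```python
# Frame type and flag values from RFC 9113 (HTTP/2).
HEADERS, CONTINUATION, END_HEADERS = 0x1, 0x9, 0x4
# Assumed budgets for this sketch; tune to the server's real header limits.
MAX_BLOCK_BYTES = 64 * 1024
MAX_CONTINUATIONS = 16


class HeaderBlockLimitExceeded(Exception):
    """A peer kept a header block open past the configured budget."""


def frame(ftype, flags, stream_id, payload=b""):
    """Serialize one frame: 24-bit length, type, flags, 31-bit stream id."""
    head = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return head + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload


def check_header_blocks(data):
    """Return the number of header blocks that were closed by END_HEADERS.

    Raises HeaderBlockLimitExceeded as soon as an open block (HEADERS
    without END_HEADERS plus its CONTINUATION frames) exceeds either
    budget, so the caller can drop the connection before buffering more.
    """
    pos, completed = 0, 0
    open_bytes = open_frames = None  # None: no header block is open
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        if pos + 9 + length > len(data):
            break  # incomplete frame, wait for more bytes
        ftype, flags = data[pos + 3], data[pos + 4]
        pos += 9 + length
        if ftype == HEADERS:
            open_bytes, open_frames = length, 0
        elif ftype == CONTINUATION and open_bytes is not None:
            open_bytes, open_frames = open_bytes + length, open_frames + 1
        else:
            continue  # simplification: protocol-error handling is omitted
        if open_bytes > MAX_BLOCK_BYTES or open_frames > MAX_CONTINUATIONS:
            raise HeaderBlockLimitExceeded(f"{open_frames} frames, {open_bytes} bytes")
        if flags & END_HEADERS:
            completed += 1
            open_bytes = open_frames = None
    return completed


# Constructed sample input (not captured traffic).
NORMAL = frame(HEADERS, 0, 1, b"a" * 10) + frame(CONTINUATION, END_HEADERS, 1, b"b" * 10)
UNTERMINATED = frame(HEADERS, 0, 1, b"a") + frame(CONTINUATION, 0, 1, b"a") * 40
```

The frame count budget catches many tiny CONTINUATION frames; the byte budget catches a few large ones.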
