all InfoSec news
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
April 3, 2024, 5:15 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream. An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not be appended …
attacks can dos fragments header http implementation limit messages target
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
3 weeks, 6 days ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Network Security Engineer – Zscaler SME
@ Peraton | United States
Splunk Data Analytic Subject Matter Expert
@ Peraton | Woodlawn, MD, United States
Principal Consultant, Offensive Security, Proactive Services (Unit 42)- Remote
@ Palo Alto Networks | Santa Clara, CA, United States
Senior Engineer Software Product Security
@ Ford Motor Company | Mexico City, MEX, Mexico
Information System Security Engineer (Red Team)
@ Evolution | Riga, Latvia