Cloudflare, Google, and AWS have disclosed a new zero-day vulnerability attack, “HTTP/2 Rapid Reset,” which exploits a weakness in the HTTP/2 protocol to generate massive DDoS attacks. The vulnerability allows for multiple HTTP/2 connections with requests and resets in quick succession, causing a denial of service. The companies have implemented additional mitigations for their CDN and WAF that support HTTP/2 and recommend customers check with their vendors for potential impact.
Read more at InfoQ…