/plushcap/analysis/cloudflare/on-the-recent-http-2-dos-attacks

On the recent HTTP/2 DoS attacks

What's this blog post about?

On August 13, 2019, multiple Denial of Service (DoS) vulnerabilities were disclosed for several HTTP/2 server implementations. Cloudflare, which uses NGINX for HTTP/2, has already protected its customers from these attacks. The individual vulnerabilities, discovered by Netflix and included in the announcement, are: CVE-2019-9511 to CVE-2019-9518. As soon as Cloudflare became aware of these vulnerabilities, their Protocols team started working on fixes. They first pushed a patch to detect any attack attempts and then mitigated the vulnerabilities. The changes were rolled out weeks ago, and they continue to monitor similar attacks. Customers who host web services over HTTP/2 on an alternative path not behind Cloudflare are advised to apply the latest security updates to their origin servers for protection against these HTTP/2 vulnerabilities.

Company
Cloudflare

Date published
Aug. 13, 2019

Author(s)
Nafeez

Word count
216

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.