
HTTP/2 Rapid Reset: deconstructing the record-breaking attack

What's this blog post about?

This article discusses two recent HTTP/2 vulnerabilities, CVE-2019-9513 and CVE-2023-44487, that have been exploited by attackers. These vulnerabilities can cause a server to crash or hang due to excessive consumption of resources such as CPU, memory, and file descriptors. The author explains how these vulnerabilities work and provides details on the recent record-breaking DDoS attack that targeted one of Cloudflare's enterprise customers using these exploits. The article outlines several improvements made by Cloudflare to mitigate these attacks, including changes in HTTP/2 processing code, increased resource allocation for handling traffic spikes, and enhanced observability systems for better detection and response capabilities. The author also highlights the importance of proactive threat identification and continuous improvement in DDoS protection measures. Overall, this article provides valuable insights into the evolving landscape of cyberattacks and emphasizes the need for robust security infrastructure and vigilant threat management strategies.

Company
Cloudflare

Date published
Oct. 10, 2023

Author(s)
Lucas Pardue, Julien Desgats

Word count
3946

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.