Threat actors exploit HTTP/2 vulnerability

Image via Unsplash

A HTTP/2 vulnerability was discovered by Cloudfare. In late August 2023, Cloudflare discovered a zero-day vulnerability, developed by an unknown threat actor. The vulnerability exploits the standard HTTP/2 protocol.

HTTP/2 is responsible for how browsers interact with a website, allowing them to ‘request’ to view things like images and text quickly, and all at once no matter how complex the website. This new attack works by making hundreds of thousands of ‘requests’ and immediately canceling them. By automating this “request, cancel, request, cancel” pattern at scale, threat actors overwhelm websites and are able to knock anything that uses HTTP/2 offline.

“Rapid Reset” provides threat actors with a powerful new way to attack victims across the Internet at an order of magnitude larger than anything the Internet has seen before. HTTP/2 is the basis for about 60% of all web applications, and determines the speed and quality of how users see and interact with websites.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.