HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023

On October 10, 2023, the following HTTP/2 protocol-level weakness, which enables a novel distributed denial of service (DDoS) attack technique, was disclosed:

CVE-2023-44487: HTTP/2 Rapid Reset

For a description of this vulnerability, see the following publications:

How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack (Google)
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks (Cloudflare)
CVE-2023-44487 – HTTP/2 Rapid Reset Attack (AWS)

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ

Security Impact Rating: High

CVE: CVE-2023-44487

Source: Cisco Security Advisories