DETECTION OVERVIEW
Risk Factors
Web servers that support HTTP/2 are often exposed to the internet. An attacker can create a denial of service (DoS) scenario with attack tools that target HTTP/2. DoS attacks can create outages that disrupt business operations.
Kill Chain
Risk Score
70
HTTP/2 carries many logical streams over a single TCP connection, a feature called stream multiplexing. A client can have multiple in-flight streams on one connection at the same time, with each stream carrying one resource request and its response. The server advertises an upper bound on how many streams may be open concurrently (SETTINGS_MAX_CONCURRENT_STREAMS), and a stream that is reset stops counting toward that bound immediately.
An attacker can exploit a vulnerability in HTTP/2 (CVE-2023-44487, known as HTTP/2 Rapid Reset) by opening many request streams and immediately cancelling each in-flight request with an RST_STREAM frame. Because a reset stream no longer counts as open, the attacker can keep an effectively unbounded number of requests in flight without ever exceeding the server's limit of concurrent open streams. The server has typically already started work on each request by the time the cancellation arrives, so when it cannot process the resets as fast as they come in, a backlog of work accumulates, stressing the server and potentially leading to a DoS.
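The rapid-reset pattern described above, as an added example that is not part of the original page: a small Python detector that runs over a constructed server-side HTTP/2 frame log. The log format (one tuple of timestamp, connection ID, stream ID and frame type, with a pseudo-type END_STREAM recorded when a response finishes), the connection names and the thresholds are all assumptions made for the example. It also computes the peak number of concurrently open streams per connection, which shows why the SETTINGS_MAX_CONCURRENT_STREAMS limit by itself does not catch the flood.

```python
"""Detect the HTTP/2 Rapid Reset pattern (CVE-2023-44487) in a frame log.

Added example, not code from the original page. The log format is an
assumption: one (timestamp_s, connection_id, stream_id, frame_type) tuple per
frame observed on the server side. "END_STREAM" is a pseudo frame type used
here to mark the moment a response completes and the stream closes normally.
"""
from collections import defaultdict, deque


def build_sample_frames():
    """Constructed sample data (not captured traffic).

    'c-attack' opens 200 client-initiated streams (odd IDs) and resets each
    one 0.5 ms after opening it, over a span of about 0.4 s.
    'c-normal' opens 20 streams that complete normally, except stream 15,
    which the user cancels more than a second after opening it.
    """
    frames = []
    for i in range(200):
        t_open = i * 0.002
        frames.append((t_open, "c-attack", 2 * i + 1, "HEADERS"))
        frames.append((t_open + 0.0005, "c-attack", 2 * i + 1, "RST_STREAM"))
    for i in range(20):
        t_open = i * 0.05
        stream = 2 * i + 1
        frames.append((t_open, "c-normal", stream, "HEADERS"))
        if stream != 15:
            frames.append((t_open + 0.02, "c-normal", stream, "END_STREAM"))
    frames.append((1.5, "c-normal", 15, "RST_STREAM"))  # opened at 0.35 s
    frames.sort(key=lambda f: f[0])
    return frames


def peak_concurrent_streams(frames):
    """Peak number of simultaneously open streams per connection.

    This is the quantity SETTINGS_MAX_CONCURRENT_STREAMS bounds. A reset
    stream closes at once, so this counter stays tiny during a rapid-reset
    flood, which is why the limit alone does not stop the attack.
    """
    open_streams = defaultdict(set)
    peak = defaultdict(int)
    for _, conn, stream, ftype in frames:
        if ftype == "HEADERS":
            open_streams[conn].add(stream)
        elif ftype in ("RST_STREAM", "END_STREAM"):
            open_streams[conn].discard(stream)
        peak[conn] = max(peak[conn], len(open_streams[conn]))
    return dict(peak)


def detect_rapid_reset(frames, window_s=1.0, threshold=100, max_age_s=0.05):
    """Flag connections that rapidly reset >= threshold streams within window_s.

    A stream counts as rapidly reset when its RST_STREAM arrives within
    max_age_s of its HEADERS frame; later cancellations (a user navigating
    away) are ignored. Returns {connection_id: peak rapid resets seen in one
    window} for flagged connections only. Thresholds are illustrative.
    """
    opened_at = {}                 # (conn, stream) -> HEADERS timestamp
    recent = defaultdict(deque)    # conn -> timestamps of rapid resets in window
    alerts = {}
    for ts, conn, stream, ftype in frames:
        key = (conn, stream)
        if ftype == "HEADERS":
            opened_at[key] = ts
        elif ftype == "RST_STREAM":
            t_open = opened_at.pop(key, None)
            if t_open is None or ts - t_open > max_age_s:
                continue
            q = recent[conn]
            q.append(ts)
            while q and ts - q[0] > window_s:   # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                alerts[conn] = max(alerts.get(conn, 0), len(q))
        elif ftype == "END_STREAM":
            opened_at.pop(key, None)
    return alerts


if __name__ == "__main__":
    frames = build_sample_frames()
    print("peak concurrent streams:", peak_concurrent_streams(frames))
    print("rapid-reset alerts:", detect_rapid_reset(frames))
```

Run stand-alone, the script reports a peak of only one open stream for the attacking connection, well under any sane concurrency limit, while the rapid-reset counter flags it with 200 resets in the window; the normal connection, whose single RST_STREAM arrives long after the stream opened, is not flagged. In a real deployment the window and threshold should be tuned against baseline traffic, since some clients legitimately cancel streams quickly (for example, speculative prefetches).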