{"id":3617,"date":"2023-10-09T10:51:53","date_gmt":"2023-10-05T10:51:53","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=3617"},"modified":"2023-10-11T11:11:54","modified_gmt":"2023-10-11T11:11:54","slug":"cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/","title":{"rendered":"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\/2 Lead to DDOS Attack"},"content":{"rendered":"<div class=\"c7f5092f831f91fb6af859cc3a8052cc\" data-index=\"4\" style=\"float: none; margin:10px 0 10px 0; text-align:center;\">\n<script async src=\"https:\/\/securepubads.g.doubleclick.net\/tag\/js\/gpt.js\"><\/script>\r\n<script>\r\n  window.googletag = window.googletag || {cmd: []};\r\n  googletag.cmd.push(function() {\r\n    googletag.defineSlot('\/22608490431\/iklan1', [[320, 100], [300, 50]], 'div-gpt-ad-1696178236578-0').addService(googletag.pubads());\r\n    googletag.pubads().enableSingleRequest();\r\n    googletag.enableServices();\r\n  });\r\n<\/script>\r\n<!-- \/22608490431\/iklan1 -->\r\n<div id='div-gpt-ad-1696178236578-0' style='min-width: 300px; min-height: 50px;'>\r\n  <script>\r\n    googletag.cmd.push(function() { googletag.display('div-gpt-ad-1696178236578-0'); });\r\n  <\/script>\r\n<\/div>\n<\/div>\n<p data-sourcepos=\"3:1-3:234\"><strong>SECRY &#8211; HTTP\/2 Rapid Reset vulnerability &#8211; <\/strong>On October 10, 2023, <em>Cloudflare<\/em>, <em>Google<\/em>, and <em>Amazon Web Services<\/em> (AWS) revealed that a new <a href=\"https:\/\/secry.me\/explore\/news\/\">zero-day vulnerability<\/a> in the HTTP\/2 protocol had been exploited to launch the largest distributed denial-of-service (DDoS) attacks in history.<\/p>\n<p data-sourcepos=\"5:1-5:227\">HTTP\/2 is a newer version of the HTTP protocol that is used to deliver web content more efficiently. It allows multiple requests to be sent over a single TCP connection, which can improve performance and reduce bandwidth usage.<\/p>\n<p data-sourcepos=\"7:1-7:346\">The HTTP\/2 Rapid Reset <a href=\"https:\/\/secry.me\/explore\/news\/\">vulnerability<\/a> exploits the way that HTTP\/2 handles multiple requests over a single TCP connection. By sending a series of requests and then quickly resetting them, attackers can create a large number of concurrent streams on the victim&#8217;s server. This can overwhelm the server&#8217;s resources and cause it to become unavailable.<\/p>\n<p data-sourcepos=\"7:1-7:346\">\n<h2 data-sourcepos=\"7:1-7:346\">The Vulnerability Break the Record<\/h2>\n<p data-sourcepos=\"9:1-9:427\">The DDoS attacks that exploited the HTTP\/2 Rapid Reset vulnerability were unprecedented in size and scale. One of\u00a0DDOS Attack reported by <strong>Cloudflare <\/strong>that peaked at <strong>201 millio<\/strong>n requests per second (RPS), which is more than seven times the largest attack the company had previously seen. <strong>AWS<\/strong> <span class=\"citation-0 citation-end-0\">saw over a dozen HTTP\/2 Rapid Reset attacks over the course of two days in late August, with the largest peaking at <strong>155 million<\/strong> RPS.<\/span><\/p>\n<p data-sourcepos=\"9:1-9:427\">In <strong>Google<\/strong>&#8216;s situation, the company detected a DDoS attack that reached a peak of <strong>398 million<\/strong> requests per second (RPS), which was over seven times larger than the biggest attack the internet giant had witnessed before.<\/p>\n<p data-sourcepos=\"11:1-11:233\">The vulnerability is a serious threat to the <a href=\"https:\/\/secry.me\/explore\/cyber-security\/\">security<\/a> and stability of the internet. It is important for organizations to patch their servers and other infrastructure against this vulnerability as soon as possible.<\/p>\n<p data-sourcepos=\"11:1-11:233\">\n<h2 data-sourcepos=\"13:1-13:80\">Explanation of the HTTP\/2 Rapid Reset vulnerability<\/h2>\n<p data-sourcepos=\"15:1-15:275\">HTTP\/2 is a multiplexed protocol, which means that it allows multiple requests to be sent over a single TCP connection. This is done by opening multiple streams on the same TCP connection. Each stream is independent of the others, and can be used to send a different request.<\/p>\n<p data-sourcepos=\"17:1-17:343\">The HTTP\/2 Rapid Reset vulnerability exploits the way that HTTP\/2 handles multiple streams on a single TCP connection. By sending a series of requests and then quickly resetting them, attackers can create a large number of concurrent streams on the victim&#8217;s server. This can overwhelm the server&#8217;s resources and cause it to become unavailable.<\/p>\n<figure id=\"attachment_3620\" aria-describedby=\"caption-attachment-3620\" style=\"width: 728px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" td-modal-image wp-image-3620 size-full\" src=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-Vulnerability.webp\" alt=\"HTTP\/2 Rapid Reset Vulnerability\" width=\"728\" height=\"375\" srcset=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-Vulnerability.webp 728w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-Vulnerability-300x155.webp 300w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-Vulnerability-150x77.webp 150w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-Vulnerability-696x359.webp 696w\" sizes=\"auto, (max-width: 728px) 100vw, 728px\" \/><figcaption id=\"caption-attachment-3620\" class=\"wp-caption-text\">HTTP\/2 Rapid Reset Vulnerability Illustration<\/figcaption><\/figure>\n<p data-sourcepos=\"19:1-19:444\">To exploit the vulnerability, attackers typically use a botnet to send a large number of HTTP\/2 requests to the victim&#8217;s server. Each request is sent on a different stream. The attackers then quickly reset the streams, which forces the victim&#8217;s server to close them. The victim&#8217;s server then has to open new streams to handle the next batch of requests. This process is repeated until the victim&#8217;s server is overwhelmed and becomes unavailable.<\/p>\n<p data-sourcepos=\"21:1-21:258\">The HTTP\/2 Rapid Reset vulnerability is a serious threat because it can be used to launch very large and effective DDoS attacks. It is important for organizations to patch their servers and other infrastructure against this vulnerability as soon as possible.<\/p>\n<h2 data-sourcepos=\"21:1-21:258\">Tracked as CVE, Warning and Mitigations of Vulnerabilities &#8216;HTTP\/2 Rapid Reset Attacks&#8217;<\/h2>\n<p>The company observed that the record-breaking attack directed at its customers was executed using a botnet consisting of just 20,000 compromised devices. In contrast, the web security firm frequently encounters attacks orchestrated by botnets powered by hundreds of thousands or even millions of devices.<\/p>\n<p>The underlying vulnerability, known as <strong>CVE-2023-44487<\/strong>, is believed to affect all web servers that implement HTTP\/2 and has been given a &#8216;<strong>high severity<\/strong>&#8216; rating with a CVSS score of 7.5.<\/p>\n<p>Both <a href=\"https:\/\/blog.cloudflare.com\/technical-breakdown-http2-rapid-reset-ddos-attack\/\">Cloudflare<\/a> and <a href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/how-it-works-the-novel-http2-rapid-reset-ddos-attack\">Google<\/a> have released blog posts providing technical insights into the HTTP\/2 Rapid Reset attack, and <a href=\"https:\/\/aws.amazon.com\/blogs\/security\/how-aws-protects-customers-from-ddos-events\/\">AWS<\/a> has also published a blog post detailing its observations of the HTTP\/2 Rapid Reset attacks.<\/p>\n<p>The companies have reported that their existing DDoS defenses were largely effective against the HTTP\/2 Rapid Reset attack, but they have implemented additional measures to mitigate this attack method. They have also alerted web server software companies, which have begun developing patches to prevent the exploitation of this vulnerability.<\/p>\n<p>Google issued a warning, stating, &#8220;Any enterprise or individual providing HTTP-based services on the Internet could be susceptible to this attack. Web applications, services, and APIs hosted on a server or proxy using the HTTP\/2 protocol may be at risk. Organizations should ensure that their servers supporting HTTP\/2 are not vulnerable or apply vendor patches for CVE-2023-44487 to minimize the impact of this attack vector.&#8221;<\/p>\n<h2 data-sourcepos=\"23:1-23:77\">Here are some tips for mitigating the risk of HTTP\/2 Rapid Reset attacks:<\/h2>\n<ul data-sourcepos=\"25:1-28:0\">\n<li data-sourcepos=\"25:1-25:176\"><strong>Patch your servers and other infrastructure against the HTTP\/2 Rapid Reset vulnerability.<\/strong>\u00a0This is the most important thing you can do to protect your systems from attack.<\/li>\n<li data-sourcepos=\"26:1-26:160\"><strong>Use a web application firewall (WAF) to filter HTTP\/2 traffic.<\/strong>\u00a0A WAF can block malicious requests and help to protect your servers from being overwhelmed.<\/li>\n<li data-sourcepos=\"27:1-28:0\"><strong>Implement load balancing and other DDoS mitigation techniques.<\/strong>\u00a0This can help to distribute traffic across multiple servers and make it more difficult for attackers to launch successful DDoS attacks.<\/li>\n<\/ul>\n<p data-sourcepos=\"29:1-29:117\">By following these tips, you can help to protect your systems from HTTP\/2 Rapid Reset attacks and other DDoS attacks.<\/p>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n\n<div style=\"font-size: 0px; height: 0px; line-height: 0px; margin: 0; padding: 0; clear: both;\"><\/div>","protected":false},"excerpt":{"rendered":"<p>SECRY &#8211; HTTP\/2 Rapid Reset vulnerability &#8211; On October 10, 2023, Cloudflare, Google, and Amazon Web Services (AWS) revealed that a new zero-day vulnerability in the HTTP\/2 protocol had been exploited to launch the largest distributed denial-of-service (DDoS) attacks in history. HTTP\/2 is a newer version of the HTTP protocol that is used to deliver [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3625,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[194,131],"tags":[327,328,192,307,326,163,325,143,324,323],"class_list":{"0":"post-3617","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security","8":"category-news","9":"tag-aws","10":"tag-cloudflare","11":"tag-cyber-security","12":"tag-cybersecurity","13":"tag-ddos","14":"tag-dos","15":"tag-exploit","16":"tag-google","17":"tag-vulnerability","18":"tag-zero-day"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\/2 Lead to DDOS Attack | SECRY<\/title>\n<meta name=\"description\" content=\"SECRY - HTTP\/2 Rapid Reset vulnerability - On October 10, 2023, Cloudflare, Google, and Amazon Web Services (AWS) revealed that a new zero-day\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\/2 Lead to DDOS Attack | SECRY\" \/>\n<meta property=\"og:description\" content=\"SECRY - HTTP\/2 Rapid Reset vulnerability - On October 10, 2023, Cloudflare, Google, and Amazon Web Services (AWS) revealed that a new zero-day\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-05T10:51:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-11T11:11:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/10\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/a0dca9413073b143bfc0db687dd0b0d6\"},\"headline\":\"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\\\/2 Lead to DDOS Attack\",\"datePublished\":\"2023-10-05T10:51:53+00:00\",\"dateModified\":\"2023-10-11T11:11:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/\"},\"wordCount\":871,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png\",\"keywords\":[\"AWS\",\"Cloudflare\",\"Cyber Security\",\"CyberSecurity\",\"DDOS\",\"DOS\",\"Exploit\",\"google\",\"Vulnerability\",\"Zero Day\"],\"articleSection\":[\"Cyber Security\",\"Hacker News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/\",\"name\":\"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\\\/2 Lead to DDOS Attack | SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png\",\"datePublished\":\"2023-10-05T10:51:53+00:00\",\"dateModified\":\"2023-10-11T11:11:54+00:00\",\"description\":\"SECRY - HTTP\\\/2 Rapid Reset vulnerability - On October 10, 2023, Cloudflare, Google, and Amazon Web Services (AWS) revealed that a new zero-day\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png\",\"width\":1280,\"height\":720,\"caption\":\"HTTP2 Rapid Reset Vulnerability - CVE-2023-44487\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\\\/2 Lead to DDOS Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/a0dca9413073b143bfc0db687dd0b0d6\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\/2 Lead to DDOS Attack | SECRY","description":"SECRY - HTTP\/2 Rapid Reset vulnerability - On October 10, 2023, Cloudflare, Google, and Amazon Web Services (AWS) revealed that a new zero-day","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/","og_locale":"en_US","og_type":"article","og_title":"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\/2 Lead to DDOS Attack | SECRY","og_description":"SECRY - HTTP\/2 Rapid Reset vulnerability - On October 10, 2023, Cloudflare, Google, and Amazon Web Services (AWS) revealed that a new zero-day","og_url":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2023-10-05T10:51:53+00:00","article_modified_time":"2023-10-11T11:11:54+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/10\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/a0dca9413073b143bfc0db687dd0b0d6"},"headline":"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\/2 Lead to DDOS Attack","datePublished":"2023-10-05T10:51:53+00:00","dateModified":"2023-10-11T11:11:54+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/"},"wordCount":871,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png","keywords":["AWS","Cloudflare","Cyber Security","CyberSecurity","DDOS","DOS","Exploit","google","Vulnerability","Zero Day"],"articleSection":["Cyber Security","Hacker News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/","url":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/","name":"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\/2 Lead to DDOS Attack | SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png","datePublished":"2023-10-05T10:51:53+00:00","dateModified":"2023-10-11T11:11:54+00:00","description":"SECRY - HTTP\/2 Rapid Reset vulnerability - On October 10, 2023, Cloudflare, Google, and Amazon Web Services (AWS) revealed that a new zero-day","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/10\/HTTP2-Rapid-Reset-CVE-2023-44487-2.png","width":1280,"height":720,"caption":"HTTP2 Rapid Reset Vulnerability - CVE-2023-44487"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/cloudflare-google-and-aws-disclose-new-zero-day-vulnerability-in-http-2-lead-to-ddos-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"Cloudflare, Google, and AWS Disclose New Zero-Day Vulnerability in HTTP\/2 Lead to DDOS Attack"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/a0dca9413073b143bfc0db687dd0b0d6","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/3617","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=3617"}],"version-history":[{"count":6,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/3617\/revisions"}],"predecessor-version":[{"id":3619,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/3617\/revisions\/3619"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/3625"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=3617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=3617"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=3617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}