• This hugely dangerous new DoS attack could crash web servers with

    From TechnologyDaily@1337:1/100 to All on Fri Apr 5 11:30:06 2024
    This hugely dangerous new DoS attack could crash web servers with just a single connection

    Date:
    Fri, 05 Apr 2024 11:24:35 +0000

    Description:
    Multiple platforms confirmed being vulnerable to a flaw dubbed CONTINUATION Flood.

    FULL STORY ======================================================================

    Cybersecurity researchers have recently discovered a new vulnerability in the HTTP/2 protocol, which allows threat actors to mount denial of service (DoS) attacks and even crash servers with a single TCP connection.

    The vulnerability relates to the use of HTTP/2 CONTINUATION frames, which is why the researcher who found it, Bartek Nowotarski, dubbed it CONTINUATION Flood.

    As explained by BleepingComputer, HTTP/2 is the updated version of the HTTP protocol, standardized in 2015. Its goal was to improve web performance by introducing binary framing for efficient data transmission, multiplexing which allowed multiple requests and responses over a single connection, and header compression which reduced overhead.

    Multiple CVEs

    With HTTP/2 messages, header and trailer sections are serialized and placed into blocks, which can later be fragmented for transmission. CONTINUATION frames are then used to stitch them together, but because of the lack of proper frame checks, a threat actor can send a frame that is too long. The CPU can end up crashing in an attempt to process these frames.

    "Out of Memory are probably the most boring yet severe cases. There is nothing special about it: no strange logic, no interesting race condition and so on," Nowotarski said. "The implementations that allow OOM simply did not limit the size of headers list built using CONTINUATION frames."

    "Implementations without header timeout required just a single HTTP/2 connection to crash the server."
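
    The missing bound described in the quotes above, as an added example that is not part of the original article or of any affected project's code: a per-connection guard that caps the bytes and the number of CONTINUATION frames in one header block and enforces a header timeout. The limit values and the names frame and HeaderBlockGuard are assumptions made for illustration.

```python
import struct

HEADERS, CONTINUATION = 0x1, 0x9   # HTTP/2 frame types
END_HEADERS = 0x4                  # flag on the last frame of a header block
# Assumed limits for this sketch; not taken from any real implementation.
MAX_BLOCK_BYTES, MAX_CONT_FRAMES, HEADER_TIMEOUT_S = 64 * 1024, 16, 10.0

def frame(ftype, flags, stream_id, payload=b""):
    """Build one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    head = len(payload).to_bytes(3, "big") + struct.pack(">BBI", ftype, flags, stream_id)
    return head + payload

class HeaderBlockGuard:
    """Bounds the header block that is currently open on one connection."""
    def __init__(self):
        self.open_stream = None      # stream id with an unfinished header block
        self.size = self.frames = 0  # bytes and CONTINUATION frames seen so far
        self.started = 0.0           # arrival time of the opening HEADERS frame

    def feed(self, data, now):
        """Check each complete frame in data; return "ok" or a reject reason."""
        pos = 0
        while pos + 9 <= len(data):
            length = int.from_bytes(data[pos:pos + 3], "big")
            if pos + 9 + length > len(data):
                break                # partial frame: caller re-feeds it later
            ftype, flags, sid = struct.unpack(">BBI", data[pos + 3:pos + 9])
            sid &= 0x7FFFFFFF        # drop the reserved bit
            pos += 9 + length
            if self.open_stream is None:
                if ftype == CONTINUATION:
                    return "continuation-without-headers"
                if ftype != HEADERS:
                    continue         # other frame types are out of scope here
                self.open_stream, self.size, self.frames, self.started = sid, 0, 0, now
            elif ftype != CONTINUATION or sid != self.open_stream:
                return "frame-interleaved-in-header-block"
            else:
                self.frames += 1
            self.size += length      # whole payload counted: conservative bound
            if self.size > MAX_BLOCK_BYTES:
                return "header-block-too-large"
            if self.frames > MAX_CONT_FRAMES:
                return "too-many-continuation-frames"
            if now - self.started > HEADER_TIMEOUT_S:
                return "header-timeout"
            if flags & END_HEADERS:
                self.open_stream = None
        return "ok"
```

    Any result other than "ok" means the connection should be closed. The timeout here is only evaluated when a frame arrives, so a server also needs a timer for a peer that opens a header block and then goes silent.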

    Depending on the implementation of HTTP/2, the vulnerabilities are tracked under a different CVE. Some are more disruptive than others, and can result in DoS attacks, memory leaks, memory consumption, and more:

    CVE-2024-27983, CVE-2024-27919, CVE-2024-2758, CVE-2024-2653, CVE-2023-45288, CVE-2024-28182, CVE-2024-27316, CVE-2024-31309, and CVE-2024-30255.

    Red Hat, SUSE Linux, Arista Networks, Apache HTTP Server Project, nghttp2, Node.js, AMPHP, and the Go Programming Language have all since confirmed being vulnerable to at least one of these CVEs, BleepingComputer found.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-hugely-dangerous-new-dos-attack-could-crash-web-servers-with-just-a-single-connection


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)