
GHSA-vx74-f528-fxqg
vulnerability analysis and mitigation

Overview

The HTTP/2 Rapid Reset vulnerability (CVE-2023-44487) is a critical denial-of-service vulnerability in how HTTP/2 implementations handle stream cancellation: an attacker can drive server resource consumption through rapid request cancellation. The vulnerability was actively exploited in the wild between August and October 2023. It affects a wide range of HTTP/2 server implementations, including nginx, Apache Tomcat, Caddy, Akamai CDN, and F5 load balancers (Cloudflare Blog, CISA Alert).

Technical details

The attack abuses HTTP/2's stream multiplexing: the client opens many streams on one connection and immediately cancels each with a RST_STREAM frame before any response arrives. The server still spends resources processing the frames of every opened stream, but cancelled streams no longer count against the per-connection concurrent-stream limit, so the client can keep opening new ones and exhaust the server. The vulnerability has a CVSS v3.1 score of 7.5 (High) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD, GitHub Advisory).

Impact

When exploited, this vulnerability causes severe denial-of-service conditions by exhausting server resources. Attackers have leveraged it to conduct massive DDoS attacks, with some incidents reaching unprecedented sizes of up to 30 million requests per second. The attack degrades the availability of web services while keeping a relatively low bandwidth footprint (Cloudflare Blog).

Mitigation and workarounds

Organizations can mitigate this vulnerability through several approaches:

1. Update affected software to patched versions.
2. Disable HTTP/2 temporarily if updates are not immediately available.
3. Implement rate limiting policies against HTTP/2 traffic.
4. Apply edge filtering through DDoS protection services.
5. Reduce HTTP/2 stream limits in server configurations.

Specific vendor patches and configuration guidance are available for major implementations (Red Hat Security Bulletin, NGINX Blog).
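The stream accounting described under Technical details and the rate-limiting and stream-limit mitigations listed above can be illustrated with the following Python sketch. It is an added example, not code from Wiz or from any of the vendors named on this page. It decodes the HTTP/2 frame header layout from RFC 9113, feeds the frames to a per-connection guard that counts streams cancelled before the server began answering them, and reports when such premature resets exceed a budget, at which point a real server would send GOAWAY and close the connection. The guard's thresholds (a window of 100 streams, at least 20 streams before judging, a 50% ratio), the `answered` set that stands in for server timing, and the two constructed sample byte streams are assumptions made for the demo.

```python
# Added example (not Wiz's or any vendor's code): RFC 9113 frame parsing plus a
# hypothetical per-connection Rapid Reset guard; all thresholds are assumptions.

FRAME_HEADER_LEN = 9
TYPE_HEADERS = 0x1               # frame type codes, RFC 9113 section 6
TYPE_RST_STREAM = 0x3
FLAGS_END_STREAM_HEADERS = 0x5   # END_STREAM (0x1) | END_HEADERS (0x4)
ERR_CANCEL = 0x8                 # RST_STREAM error code CANCEL
GET_ROOT_HPACK = b"\x82\x84"     # RFC 7541 static table: ":method GET", ":path /"

def build_frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """24-bit length, 8-bit type, 8-bit flags, reserved bit + 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)

def parse_frames(data: bytes) -> list:
    """Decode a byte stream into (type, flags, stream_id, payload); malformed input raises."""
    frames, offset = [], 0
    while offset < len(data):
        if offset + FRAME_HEADER_LEN > len(data):
            raise ValueError("truncated frame header")
        length = int.from_bytes(data[offset:offset + 3], "big")
        ftype, flags = data[offset + 3], data[offset + 4]
        stream_id = int.from_bytes(data[offset + 5:offset + 9], "big") & 0x7FFFFFFF
        payload = data[offset + FRAME_HEADER_LEN:offset + FRAME_HEADER_LEN + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        if ftype == TYPE_RST_STREAM and length != 4:
            raise ValueError("FRAME_SIZE_ERROR: RST_STREAM carries a 4-octet error code")
        frames.append((ftype, flags, stream_id, payload))
        offset += FRAME_HEADER_LEN + length
    return frames

class RapidResetGuard:
    """A stream cancelled before the server started answering it is a 'premature reset'.
    After min_streams streams in a window, more than max_ratio premature resets means GOAWAY."""

    def __init__(self, window_streams: int = 100, min_streams: int = 20, max_ratio: float = 0.5):
        self.window_streams, self.min_streams, self.max_ratio = window_streams, min_streams, max_ratio
        self.pending = set()   # opened but not yet answered
        self.opened = 0        # streams opened in this window
        self.premature = 0     # premature resets in this window

    def on_headers(self, stream_id: int) -> None:
        if self.opened >= self.window_streams:     # start a fresh accounting window
            self.opened = self.premature = 0
        self.opened += 1
        self.pending.add(stream_id)

    def on_response_started(self, stream_id: int) -> None:
        self.pending.discard(stream_id)            # a later RST_STREAM is an ordinary cancel

    def on_rst_stream(self, stream_id: int) -> bool:
        """Return True when the connection has used up its premature-reset budget."""
        if stream_id in self.pending:
            self.pending.discard(stream_id)
            self.premature += 1
        return self.opened >= self.min_streams and self.premature > self.max_ratio * self.opened

def scan_connection(data: bytes, answered: set) -> dict:
    """Run the guard over one client's frames. `answered` is a constructed stand-in for
    server timing: the stream ids the server began responding to before the reset arrived."""
    guard = RapidResetGuard()
    for ftype, _flags, sid, _payload in parse_frames(data):
        if sid == 0:                               # SETTINGS, PING, GOAWAY are not streams
            continue
        if ftype == TYPE_HEADERS:
            guard.on_headers(sid)
        elif ftype == TYPE_RST_STREAM:
            if sid in answered:
                guard.on_response_started(sid)
            if guard.on_rst_stream(sid):
                return {"drop": True, "opened": guard.opened, "premature": guard.premature}
    return {"drop": False, "opened": guard.opened, "premature": guard.premature}

def constructed_rapid_reset_sample(n_streams: int) -> bytes:
    """Constructed input: every stream is opened and cancelled by the very next frame."""
    out = b""
    for i in range(n_streams):
        sid = 2 * i + 1                             # client-initiated stream ids are odd
        out += build_frame(TYPE_HEADERS, FLAGS_END_STREAM_HEADERS, sid, GET_ROOT_HPACK)
        out += build_frame(TYPE_RST_STREAM, 0, sid, ERR_CANCEL.to_bytes(4, "big"))
    return out

def constructed_normal_sample(n_streams: int, cancelled: set) -> bytes:
    """Constructed input: ordinary requests, a few cancelled after the server replied."""
    out = b""
    for i in range(n_streams):
        sid = 2 * i + 1
        out += build_frame(TYPE_HEADERS, FLAGS_END_STREAM_HEADERS, sid, GET_ROOT_HPACK)
        if sid in cancelled:
            out += build_frame(TYPE_RST_STREAM, 0, sid, ERR_CANCEL.to_bytes(4, "big"))
    return out

if __name__ == "__main__":
    print(scan_connection(constructed_rapid_reset_sample(30), answered=set()))
    print(scan_connection(constructed_normal_sample(40, {5, 21, 33}), answered=set(range(1, 80, 2))))
```

Run as a script, the first call reports a drop after the twentieth stream of the reset burst, while the second (forty ordinary requests, three cancelled after the server had replied) is left alone. The point of counting only premature resets, rather than all RST_STREAM frames, is that legitimate clients such as browsers do cancel requests routinely; what distinguishes the attack is cancellation before the server has done any useful work, which is exactly where the concurrent-stream limit stops protecting the server.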

Community reactions

The vulnerability disclosure prompted an immediate response from major technology providers and security organizations. Cloud service providers such as Cloudflare, Google Cloud, and Microsoft Azure quickly implemented mitigations. The security community highlighted the significance of this vulnerability, particularly its potential for amplifying DDoS attacks. CISA added it to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to apply patches (OpenSSF Blog).

Source: This report was generated using AI.
