
GHSA-xpw8-rcwv-8f8p
Java vulnerability analysis and mitigation

Overview

The HTTP/2 Rapid Reset Attack (CVE-2023-44487) is a critical vulnerability in the HTTP/2 protocol that enables denial of service attacks through rapid stream resets. It was actively exploited in the wild between August and October 2023, leading to some of the largest DDoS attacks ever recorded. The vulnerability affects any system implementing the HTTP/2 protocol that does not limit the rate at which a client may reset streams (Cloudflare Blog, Google Cloud Blog).

Technical details

The attack abuses the HTTP/2 protocol's stream management mechanism: a client opens many streams with HEADERS frames and immediately cancels each one with an RST_STREAM (reset) frame. Resetting a stream costs the client almost nothing and instantly frees that stream's slot under the server's concurrent-stream limit, but the server has typically already begun processing the request, so a single connection can force far more work than the concurrent-stream limit was meant to allow. Sending numerous RST_STREAM frames in quick succession therefore overwhelms server resources and can lead to denial of service. The vulnerability has a CVSS v3.1 base score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: exploitable remotely over the network with low attack complexity, no privileges and no user interaction, with the impact confined to availability (NVD).

Impact

The vulnerability's impact is severe, enabling attackers to launch massive DDoS attacks that have broken previous records. Google Cloud reported mitigating an attack that peaked at 398 million requests per second. The attack can cause significant server resource consumption and potential service disruption across a wide range of HTTP/2 implementations (Google Cloud Blog, Cloudflare Blog).

Mitigation and workarounds

Vendors have released patches and mitigations to address the vulnerability. The primary mitigation strategy involves implementing rate limiting on stream resets and monitoring for abnormal patterns of RST frames. Organizations are advised to update their HTTP/2 implementations to versions that include protections against rapid reset attacks. For systems that cannot be immediately patched, implementing rate limiting at the network level can help mitigate the risk (Microsoft Advisory, Nginx Blog).
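The following is an added example, not code from this advisory or from any vendor's patch: a minimal HTTP/2 frame parser together with a per-connection sliding-window counter of RST_STREAM frames, which is the check that the reset-rate-limiting mitigation above describes. The 9-byte frame header layout and the frame type codes follow RFC 9113; the threshold of 100 resets per second, the simulated frame arrival interval, and the sample traffic are constructed assumptions for an offline demonstration. The guard also tracks open streams, to show why a concurrent-stream limit alone does not catch this pattern.

```python
"""Added example (not from the advisory): minimal HTTP/2 frame parsing plus a
per-connection RST_STREAM rate guard, the check that "rate limiting on
stream resets" refers to."""
from collections import deque

FRAME_HEADER_LEN = 9   # 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id
FRAME_HEADERS = 0x1    # RFC 9113 frame type codes
FRAME_RST_STREAM = 0x3
FLAG_END_HEADERS = 0x4
ERR_CANCEL = 0x8       # RST_STREAM error code a client sends to cancel a request


def build_frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """Serialize one HTTP/2 frame (used here only to construct sample traffic)."""
    return (len(payload).to_bytes(3, "big")
            + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big")
            + payload)


def parse_frames(data: bytes) -> list:
    """Split a byte stream into (type, flags, stream_id, payload) tuples.
    A trailing partial frame is dropped rather than raising."""
    frames, off = [], 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        body = data[off + 9:off + 9 + length]
        if len(body) < length:
            break
        frames.append((ftype, flags, stream_id, body))
        off += FRAME_HEADER_LEN + length
    return frames


class ResetRateGuard:
    """Sliding-window count of RST_STREAM frames on a single connection.

    Open streams are tracked as well, to show why SETTINGS_MAX_CONCURRENT_STREAMS
    alone does not stop the attack: every reset frees its slot immediately."""

    def __init__(self, max_resets: int, window_seconds: float):
        self.max_resets = max_resets
        self.window = window_seconds
        self.reset_times = deque()
        self.open_streams = set()
        self.peak_open = 0

    def observe(self, ftype: int, stream_id: int, now: float) -> bool:
        """Feed one frame; return True when the connection should be closed."""
        if ftype == FRAME_HEADERS:
            self.open_streams.add(stream_id)
            self.peak_open = max(self.peak_open, len(self.open_streams))
        elif ftype == FRAME_RST_STREAM:
            self.open_streams.discard(stream_id)
            self.reset_times.append(now)
            # Drop resets that fell out of the window before comparing.
            while self.reset_times and now - self.reset_times[0] > self.window:
                self.reset_times.popleft()
            if len(self.reset_times) > self.max_resets:
                return True
        return False


def evaluate_connection(data: bytes, max_resets: int = 100,
                        window_seconds: float = 1.0,
                        frame_interval: float = 0.0005) -> dict:
    """Replay a byte stream through the guard. Arrival times are simulated at a
    fixed interval per frame (an assumption made for the offline example)."""
    guard = ResetRateGuard(max_resets, window_seconds)
    frames = parse_frames(data)
    for i, (ftype, _flags, sid, _body) in enumerate(frames):
        if guard.observe(ftype, sid, now=i * frame_interval):
            return {"verdict": "close", "frames_seen": i + 1,
                    "peak_open_streams": guard.peak_open}
    return {"verdict": "ok", "frames_seen": len(frames),
            "peak_open_streams": guard.peak_open}


# Constructed sample traffic (not a real capture).
HEADERS_STUB = b"\x82"  # placeholder HPACK block; never decoded here
CANCEL = ERR_CANCEL.to_bytes(4, "big")

# Rapid Reset pattern: open a stream, cancel it at once, move to the next
# odd (client-initiated) stream id. 200 streams, 400 frames.
RAPID_RESET = b"".join(
    build_frame(FRAME_HEADERS, FLAG_END_HEADERS, sid, HEADERS_STUB)
    + build_frame(FRAME_RST_STREAM, 0, sid, CANCEL)
    for sid in range(1, 401, 2))

# Benign pattern: 20 concurrent requests, two of which the user cancels.
BENIGN = b"".join(
    build_frame(FRAME_HEADERS, FLAG_END_HEADERS, sid, HEADERS_STUB)
    for sid in range(1, 41, 2)
) + build_frame(FRAME_RST_STREAM, 0, 3, CANCEL) + build_frame(FRAME_RST_STREAM, 0, 7, CANCEL)

if __name__ == "__main__":
    print("rapid reset:", evaluate_connection(RAPID_RESET))
    print("benign:", evaluate_connection(BENIGN))
```

The rapid-reset sample never has more than one stream open at a time, so a concurrent-stream limit would never trip; only the count of resets per window identifies it, which is why the reset-rate check is the mitigation vendors converged on. A production implementation would run this logic inside the HTTP/2 server's frame handler with real timestamps and would answer an abusive connection with GOAWAY rather than simply dropping it.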

Community reactions

The vulnerability has garnered significant attention from the cybersecurity community and major technology providers. Cloud service providers and CDN operators have reported successfully mitigating attacks exploiting this vulnerability. The incident has led to broader discussions about HTTP/2 protocol security and the need for better stream management controls (OpenSSF Blog).

Source: This report was generated using AI.
