Denial of Service Vulnerabilities Discovered in HTTP/2
ATT&CK techniques detected
T1190Exploit Public-Facing Application
81%
"on a closed stream changes the state of the stream to “ open, ” and this is the point at which apache allocates a worker process from its pool during the http / 2 connection. once the stream was opened and the worker process allocated, we started slowly transmitting the request b…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1498Network Denial of Service
44%
"pool for each incoming request. after the request is done, the worker process is freed back to the pool. in 2009, a security researcher named robert hanson, also known as “ rsnake, ” discovered a highly effective denial of service attack. it allowed an attacker to take down a ser…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1499Endpoint Denial of Service
31%
"pool for each incoming request. after the request is done, the worker process is freed back to the pool. in 2009, a security researcher named robert hanson, also known as “ rsnake, ” discovered a highly effective denial of service attack. it allowed an attacker to take down a ser…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
SETTINGS frame abuse and Slow POST attacks in HTTP/2 can lead to CPU and memory exhaustion.