October 29, 2023
In a joint disclosure, notable cloud computing, SaaS, and CDN operators shared their collective encounters in mitigating formidable DDoS attacks leveraging the HTTP/2 protocol. These attacks utilize a zero-day technique known as 'Rapid Reset,' which has been assigned the vulnerability identifier CVE-2023-44487. The vector has been actively exploited to orchestrate impactful DDoS attacks specifically aimed at HTTP/2-enabled servers, services, and applications across various service delivery platforms.
The 'Rapid Reset' technique exploits the 'stream multiplexing' capability of HTTP/2, wherein a multitude of requests followed by immediate cancellations places a significant workload on the server side while incurring minimal costs for the client-side attacker. This attack capitalizes on a feature within HTTP/2 by repetitively sending and terminating requests, leading to the disruption of the targeted website or application's proper functioning. Although HTTP/2 incorporates a safeguard to limit the number of active streams for protection against DoS attacks, its effectiveness is not always guaranteed. The protocol permits clients to cancel streams without requiring the server's consent, a vulnerability that is exploited in this attack. Botnets can generate an enormous volume of requests, thereby posing a severe threat to the targeted web infrastructures.
In response to the CVE-2023-44487 HTTP/2 ‘Rapid Reset’ attack, urgent patching is essential. Organizations that operate HTTP/2-enabled web servers should adhere to the remediation steps outlined in the joint disclosure. This includes deploying the relevant patched software versions and implementing recommended configuration changes as advised.
While closely monitoring the situation, we have determined that our products were not impacted by the ongoing developments. Specifically, our products are fortified with proprietary code developed in-house by Nexusguard. Our unwavering commitment to developing products with resource optimization in mind enables us to remain unaffected by CPU issues. By prioritizing efficiency and strategic resource allocation, we have built robust solutions that effectively navigate and mitigate any challenges posed by CPU-related issues. Moreover, Nexusguard customers can have peace of mind knowing that we are committed to conducting rigorous testing and maintaining constant vigilance through meticulous monitoring.
If you suspect that you have been impacted by this vulnerability, it is imperative to seek specialist assistance immediately.
Nexusguard's Application Protection is a robust and all-encompassing security solution that offers unparalleled defense against a wide range of attacks spanning L3-L4 and L7 layers. This comprehensive solution ensures comprehensive protection against even potential zero-day attacks, safeguarding your applications with utmost efficiency and effectiveness.
For further information, please read about Nexusguard’s Application Protection or reach out to us via our emergency contact form.