Mitigate HTTP/2 continuations with Imperva WAF
Description

As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways. We previously wrote about how Imperva protected its customers from the first HTTP/2 vulnerability, ‘Rapid Reset’:

“The HTTP/2 protocol allows clients to indicate that a previous stream should be canceled by sending a RST_STREAM frame. This feature is exploited in the HTTP/2 Rapid Reset attack, where the client opens a large number of streams at once and then cancels each request immediately. This allows each connection to have an indefinite number of requests in flight, creating an exploitable cost asymmetry between the server and the client.”

**A new vulnerability has been identified.** As mentioned in a previous blog post, HTTP/2 CONTINUATION Flood Vulnerability:

“Recently, a class of vulnerabilities in HTTP/2 implementations was published, dubbed HTTP/2 CONTINUATION Flood. This attack leverages the CONTINUATION frame that is being sent without setting END_HEADERS, which in return creates an infinite stream of headers that an HTTP/2 server would need to parse and store in memory. Attackers can exploit this feature to cause Denial-of-Service attacks by sending a large amount of CONTINUATION frames that will ultimately exhaust the server’s resources (CPU/memory) to the point that it might crash. The attack leverages the inherent…
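To make the frame mechanics concrete from the defender's side, here is an added Python example (not Imperva's code or WAF configuration): a minimal HTTP/2 frame parser plus a guard that tracks each stream's in-progress header block and tears the connection down once CONTINUATION frames keep arriving without END_HEADERS past an assumed byte cap and frame-count cap. The frame layout follows RFC 9113; the caps and the sample frame sequences are constructed for illustration.

```python
import struct
HEADERS, CONTINUATION = 0x1, 0x9        # HTTP/2 frame types (RFC 9113)
END_HEADERS = 0x4                       # flag that closes a header block
MAX_HEADER_BLOCK = 16 * 1024            # assumed cap on buffered header bytes per stream
MAX_CONTINUATIONS = 8                   # assumed cap on CONTINUATION frames per header block

def parse_frame(buf, off):
    """Parse the 9-byte frame header at buf[off:]; return (type, flags, stream_id, payload, next_off)."""
    length = int.from_bytes(buf[off:off + 3], "big")
    ftype, flags = buf[off + 3], buf[off + 4]
    stream_id = struct.unpack(">I", buf[off + 5:off + 9])[0] & 0x7FFFFFFF  # drop reserved bit
    return ftype, flags, stream_id, buf[off + 9:off + 9 + length], off + 9 + length

def build_frame(ftype, flags, stream_id, payload):
    """Serialize one frame; used only to construct the sample traffic below."""
    return len(payload).to_bytes(3, "big") + bytes([ftype, flags]) + struct.pack(">I", stream_id) + payload

class HeaderBlockGuard:
    """Tracks each stream's open header block and refuses to buffer it without bound."""
    def __init__(self):
        self.pending = {}  # stream_id -> (bytes buffered so far, CONTINUATION frames seen)
    def feed(self, ftype, flags, stream_id, payload):
        if ftype not in (HEADERS, CONTINUATION):
            return "ignore"
        if ftype == CONTINUATION and stream_id not in self.pending:
            return "connection_error"  # CONTINUATION with no header block open is a protocol error
        size, count = self.pending.get(stream_id, (0, 0))
        size += len(payload)
        count += 1 if ftype == CONTINUATION else 0
        if size > MAX_HEADER_BLOCK or count > MAX_CONTINUATIONS:
            self.pending.pop(stream_id, None)
            return "connection_error"  # mitigation: stop before memory/CPU are exhausted
        if flags & END_HEADERS:
            self.pending.pop(stream_id, None)
            return "complete"
        self.pending[stream_id] = (size, count)
        return "pending"

def scan(buf):
    """Run the guard over a captured frame sequence and return one verdict per frame."""
    guard, off, verdicts = HeaderBlockGuard(), 0, []
    while off < len(buf) and (not verdicts or verdicts[-1] != "connection_error"):
        ftype, flags, sid, payload, off = parse_frame(buf, off)
        verdicts.append(guard.feed(ftype, flags, sid, payload))
    return verdicts

# Constructed samples (not real captures): a benign header block split over two frames on stream 1,
# and a flood on stream 3 whose CONTINUATION frames never carry END_HEADERS.
BENIGN = build_frame(HEADERS, 0, 1, b"\x82\x86") + build_frame(CONTINUATION, END_HEADERS, 1, b"\x84")
FLOOD = build_frame(HEADERS, 0, 3, b"\x82") + b"".join(
    build_frame(CONTINUATION, 0, 3, b"\x00" * 1024) for _ in range(20))
```

Running `scan(FLOOD)` shows the guard accepting the first eight CONTINUATION frames and rejecting the ninth, which is the point at which a real server should send GOAWAY rather than keep allocating.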
