HTTP/2 Rapid Reset Attack - CVE-2023-44487

Date: Oct 10, 2023
Time: 12:30 pm NZST

Several sources have publicly released notifications relating to a critical vulnerability in the HTTP/2 protocol which supports mechanisms that, when abused, facilitate denial of service attacks against against selected web assets.

We can confirm that the RedShield service has protections in place for solutions that implement HTTP/2 based technology. Notably, AWS has implemented specific mitigations should traffic be detected as abusing this vulnerability.

We continuously monitor a range of sources for notifications of this type and will continue to take proactive steps to address such findings in any situation where our infrastructure could potentially be impacted.





Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request