Security Experts Discover New DoS Attack in HTTP/2 Protocol

With just a single connection, this vulnerability can easily crash servers.

Recent revelations in cybersecurity unveil a new menace lurking in the depths of the internet infrastructure.

Dubbed "CONTINUATION Flood," these vulnerabilities within the HTTP/2 protocol pose a security threat, potentially leading to devastating denial-of-service (DoS) attacks capable of crashing web servers with just a single TCP connection in certain implementations.

Understanding HTTP/2 Protocol and Its Vulnerabilities

HTTP/2, introduced as an upgrade to the HTTP protocol in 2015, aimed to revolutionize web performance by introducing features like binary framing for efficient data transmission, multiplexing for handling multiple requests and responses over a single connection, and header compression to reduce overhead. However, these enhancements have inadvertently opened the door to exploitation.

The Discovery of CONTINUATION Flood Vulnerabilities

According to Bleeping Computer, this alarming discovery of these vulnerabilities stems from the diligent efforts of researcher Barket Nowotarski.

Nowotarski identified flaws related to the use of HTTP/2 CONTINUATION frames, revealing that many implementations of the protocol lack proper limitations or checks.

"Out of Memory are probably the most boring yet severe cases. There is nothing special about it: no strange logic, no interesting race condition and so on," Nowotarski explains.

Mechanism of Attack

HTTP/2 messages consist of header and trailer sections serialized into blocks, which can be fragmented across multiple frames for transmission. The CONTINUATION frames play a crucial role in stitching these streams together.

However, the absence of adequate frame checks in numerous implementations enables threat actors to inundate servers with an excessive influx of frames, leading to catastrophic outcomes such as out-of-memory crashes or CPU resource depletion during frame processing.

Susceptibility of DoS Attacks

A range of CVE IDs corresponding to vulnerable HTTP/2 implementations highlights the severity of the issue.

From Node.js and Envoy to Apache Httpd and Apache Traffic Server, various platforms and libraries exhibit susceptibility to different forms of denial-of-service attacks, including memory leaks, CPU exhaustion, and excessive resource consumption.

The following vulnerabilities are as follow: CVE-2024-27983, CVE-2024-27919, CVE-2024-2758, CVE-2024-2653, CVE-2023-45288, CVE-2024-28182, CVE-2024-27316, CVE-2024-31309, and CVE-2024-30255.

Urgency of Action and Mitigation

The gravity of the situation necessitates immediate action from affected vendors and server administrators.

Upgrading servers and libraries to address the identified vulnerabilities is imperative to thwart potential exploitation by malicious actors. Moreover, enhancing server-side analytics capabilities to detect and mitigate suspicious traffic patterns is essential for improving defense mechanisms against future threats.

The cybersecurity industry is growing, and so are the tactics employed by cyber adversaries. As we always advise the users, they should always be careful in these kinds of tactics to mitigate the security risks in the future.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics