Hypertext Transfer Protocol version 2 (HTTP/2) Rapid Reset Vulnerability - 20231011001

Overview

The WA SOC has observed a rapid reset vulnerability that leverages stream multiplexing feature of the Hypertext Transfer Protocol version 2 (HTTP/2) a conection-oriented application layer protocol. The vulnerability affects web servers by causing additional load through rapid stream generation and cancellation, which allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly.

What is the vulnerability?

CVE-2023-44487 - CVSS v3 Base Score: N.A

What is vulnerable?

The vulnerability affects the following web servers;

• Amazon Web Services
• Cloudflare
• Google
• NGINX
• Microsoft

What has been observed?

The vulnerability has been exploited in the wild in August through October 2023. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected systems within an expected timeframe of 48 hours (refer Patch Management). Additionally, ensure all internet facing services are behind an appropriate Web Application Firewall:

• AWS
• Cloudflare
• Google
• NGINX
• Microsoft

Additional References

• CISA
• Bleeping Computer News