A critical internet flaw in the HTTP/2 protocol allows attackers to crash servers by overwhelming them with fake request streams. Security experts warn that unpatched systems face a significant risk of large-scale denial-of-service attacks.
What Researchers Found
Security researchers discovered a vulnerability, now nicknamed “MadeYouReset,” that targets the way HTTP/2 handles connection streams. Attackers can send multiple requests, cancel them in specific ways, and exploit improper handling of resets. This trick bypasses built-in limits and causes servers to keep processing canceled requests in the background.
The attack requires minimal bandwidth from the attacker while forcing the server to use significant resources. This imbalance makes it ideal for denial-of-service scenarios.
Why It’s Dangerous
Under normal conditions, HTTP/2 restricts concurrent streams to prevent overload. With this flaw, those limits become meaningless. Attackers can send thousands of hidden requests, consuming memory and CPU until the server crashes.
The vulnerability affects popular HTTP/2 implementations, including those used by major websites and cloud providers. Both small and large servers are at risk, though less powerful systems may fail faster.
Affected Systems
Any server using an unpatched version of HTTP/2 that processes web traffic is potentially vulnerable. That includes configurations found in hosting platforms, application servers, and enterprise infrastructure. The flaw has been confirmed in several open-source projects.
How to Stay Protected
Vendors are releasing updates to fix the flaw. Administrators should:
- Apply security patches immediately.
- Monitor network traffic for unusual patterns.
- Use rate-limiting where possible to slow attack attempts.
- Test server stability after applying updates.
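The monitoring and rate-limiting steps above can be made concrete by comparing, per connection, the streams the protocol still counts against its limit with the requests the backend is still working on. The following is an added example, not code from any affected project; the event names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_CONCURRENT_STREAMS = 4   # assumed stream limit advertised by the server
RESET_WINDOW_S = 1.0         # assumed sliding window for counting resets
MAX_RESETS_PER_WINDOW = 5    # assumed per-connection reset budget

def build_sample_events():
    """Constructed events (time_s, conn, stream, event); not real server logs."""
    events = []
    for i, sid in enumerate((1, 3, 5)):          # c1: three requests that complete
        events.append((0.1 * i, "c1", sid, "open"))
        events.append((0.1 * i + 0.5, "c1", sid, "done"))
    for i in range(12):                          # c2: every stream is reset at once,
        t, sid = 0.05 * i, 2 * i + 1             # backend work finishes 5 s later
        events.append((t, "c2", sid, "open"))
        events.append((t + 0.01, "c2", sid, "reset"))
        events.append((t + 5.0, "c2", sid, "done"))
    return sorted(events)

def analyze(events):
    """Return (alerts, peaks); peaks[conn] = [peak counted, peak still working]."""
    counted = defaultdict(set)    # streams the protocol counts against the limit
    working = defaultdict(set)    # streams the backend is still processing
    resets = defaultdict(deque)   # recent reset timestamps per connection
    alerts = defaultdict(set)
    peaks = defaultdict(lambda: [0, 0])
    for t, conn, sid, event in events:
        if event == "open":
            counted[conn].add(sid)
            working[conn].add(sid)
        elif event == "reset":
            counted[conn].discard(sid)           # freed for the limit, work goes on
            window = resets[conn]
            window.append(t)
            while t - window[0] > RESET_WINDOW_S:
                window.popleft()
            if len(window) > MAX_RESETS_PER_WINDOW:
                alerts[conn].add("reset-rate")
        elif event == "done":
            counted[conn].discard(sid)
            working[conn].discard(sid)
        peaks[conn][0] = max(peaks[conn][0], len(counted[conn]))
        peaks[conn][1] = max(peaks[conn][1], len(working[conn]))
        if len(working[conn]) > MAX_CONCURRENT_STREAMS:
            alerts[conn].add("work-exceeds-limit")
    return dict(alerts), dict(peaks)

if __name__ == "__main__":
    alerts, peaks = analyze(build_sample_events())
    for conn in sorted(peaks):
        print(conn, "counted/working peak:", peaks[conn], "alerts:", sorted(alerts.get(conn, [])))
```

In the constructed data, connection c2 never has more than one stream counted against the limit, yet twelve requests are still being processed, which is the gap a stream limit alone does not catch.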
Conclusion
This critical internet flaw in HTTP/2 exposes servers to low-cost but devastating attacks. Without patches, attackers can bypass safeguards and crash systems in minutes. Administrators should update their systems now to prevent downtime and protect services from disruption.

