Rapid Reset

Vulnerability Profile Updated 2 months ago
The Rapid Reset vulnerability, officially designated CVE-2023-44487, is a flaw in software design or implementation that allows for a unique form of Distributed Denial of Service (DDoS) attack. An attacker can exploit it by sending a sequence of compressed HEADERS frames followed by RST_STREAM frames, thereby causing a denial of service. This method of attack has been termed "Rapid Reset." The vulnerability affects web servers with HTTP/2 capabilities, and its exploitation has led to some of the largest DDoS attacks on record, launched from relatively small botnets. These attacks have been particularly prevalent amid the Israeli conflict, with hacktivist groups on both sides launching several barrages of DDoS attacks.

The Rapid Reset vulnerability came to light in October 2023, when Google and other entities disclosed its existence and potential for exploitation. In response, numerous vendors, including Microsoft, have released patches to safeguard against HTTP/2 rapid reset attacks. Despite the vulnerability, experts recommend continuing to use the HTTP/2 protocol because of its advantages over HTTP/1, and suggest disabling HTTP/2 only as a temporary mitigation against Rapid Reset DDoS attacks.

Microsoft's response to the DDoS attacks has included strengthening layer 7 protections in its web service implementations and patching services to better protect customers from the impact of these attacks. Separately from its work on Rapid Reset, Microsoft has also released three updates to its Visual Studio development platform. The Health Information Sharing and Analysis Center (H-ISAC) and other ISACs have shared alerts about the vulnerability with their members, emphasizing the significant threat it poses.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
CVE-2023-44487 | 4 | CVE-2023-44487 is a high-severity vulnerability discovered in web servers supporting HTTP/2, which allows threat actors to exploit the 'stream multiplexing' feature. This flaw enables attackers to send repeated requests and cancel them immediately, leading to a 'Rapid Reset' attack causing Denial of
Http/2 Rapid Reset | 3 | The HTTP/2 Rapid Reset is a software vulnerability (CVE-2023-44487) that has been exploited to launch record-breaking Distributed Denial-of-Service (DDoS) attacks. Disclosed by Cloudflare in a blog post, this flaw enables attackers to open a large number of streams at once and then immediately cance
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Google
Ddos
Exploit
Aws
Zero Day
Proxy
Microsoft
Denial of Se...
Vulnerability
Denial of Se...
Cloudflare
Ransomware
Botnet
Zero Day
Nginx
Log4j
Azure
Skype
Associated Malware
ID | Type | Votes | Profile Description
WannaCry | Unspecified | 1 | WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t
NotPetya | Unspecified | 1 | NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-41763 | Unspecified | 1 | CVE-2023-41763 is a significant software vulnerability, identified as an elevation of privilege flaw, found within Microsoft's Skype for Business. This zero-day vulnerability allows malicious actors to gain unauthorized access and control over affected systems, posing a severe risk to the integrity,
CVE-2023-36563 | Unspecified | 1 | CVE-2023-36563 is a critical information disclosure vulnerability discovered in Microsoft WordPad. The flaw, categorized as a zero-day bug, was one of the twelve vulnerabilities rated as 'Critical' among 104 issues addressed by Microsoft. The vulnerability was exploited actively in the wild, affecti
Source Document References
Information about the Rapid Reset Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 4 months ago | Multiple vulnerabilities in Fortigate NGFW on Siemens RUGGEDCOM APE1808 devices
CERT-EU | 4 months ago | Multiple vulnerabilities in IBM Engineering Requirements Management DOORS/DWA
CERT-EU | 6 months ago | Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Slice Selection Function
BankInfoSecurity | 9 months ago | Could Middle Eastern Cyberwarfare Spill Into Health Sector?
CERT-EU | 7 months ago | A year in review: 10 of the biggest security incidents of 2023
CERT-EU | 7 months ago | Multiple vulnerabilities in IBM Cloud Pak for Business Automation
InfoSecurity-magazine | 7 months ago | Geopolitics to Blame For DoS Surge in Europe, Says ENISA
CERT-EU | 9 months ago | Multiple vulnerabilities in Red Hat Advanced Cluster Security for Kubernetes 4.0
BankInfoSecurity | 9 months ago | Zero-Day Attacks Exploit 'Rapid Reset' Weakness in HTTP/2
CERT-EU | 9 months ago | Cloudflare helps discover new online threat that led to largest attack in internet history
CERT-EU | 9 months ago | HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks – GIXtools
CERT-EU | 9 months ago | CVE-2023-44487 HTTP/2 Rapid Reset Attack | Qualys Security Blog
CERT-EU | 9 months ago | Microsoft WordPad can be exploited to take over systems
CERT-EU | 9 months ago | Rapid Reset among Microsoft’s 105 patches for October
CERT-EU | 9 months ago | HTTP2 zero-day enabled record-setting DDoS attacks
Securityaffairs | 9 months ago | New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks
CERT-EU | 9 months ago | SUSE update for go1.21
CERT-EU | 9 months ago | Weekly Vulnerability Recap – October 16, 2023 – Apple & Linux Vulnerabilities
CERT-EU | 9 months ago | Red Hat Enterprise Linux 9.0 Extended Update Support update for dotnet6.0
CERT-EU | 9 months ago | Google, Cloudflare, And Amazon Prevent Record-Breaking DDoS Attack