Rapid Reset

Vulnerability updated 2 months ago (2024-11-29T14:40:15.390Z)
The Rapid Reset vulnerability, officially designated CVE-2023-44487, is a flaw in software design or implementation that enables a distinctive form of Distributed Denial of Service (DDoS) attack. An attacker exploits it by sending a sequence of compressed HEADERS frames followed by RST_STREAM frames, thereby causing a denial of service. This technique has been termed "Rapid Reset". The vulnerability affects web servers with HTTP/2 support, and its exploitation has produced some of the largest DDoS attacks on record, launched from relatively small botnets. These attacks have been particularly prevalent amid the Israeli conflict, with hacktivist groups on both sides launching several barrages of DDoS attacks.

The vulnerability came to light in October 2023, when Google and other organizations disclosed its existence and potential for exploitation. In response, numerous vendors, including Microsoft, released patches to protect against HTTP/2 Rapid Reset attacks. Despite the vulnerability, experts recommend continuing to use HTTP/2 because of its advantages over HTTP/1, and suggest disabling HTTP/2 only as a temporary mitigation against Rapid Reset DDoS attacks.

Microsoft's response to the DDoS attacks has included strengthening layer 7 protections in its web service implementations and patching services to better shield customers from the impact of these attacks. Separately from its Rapid Reset work, Microsoft has also released three updates to its Visual Studio development platform. The Health Information Sharing and Analysis Center (H-ISAC) and other ISACs have shared alerts about the vulnerability with their members, emphasizing the significant threat it poses.
Description last updated: 2024-03-13T17:19:00.293Z
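The attack pattern described above (streams opened with HEADERS and cancelled with RST_STREAM in quick succession) lends itself to a simple defender-side check. The following is an added example, not code from the page or from any vendor: it scans constructed HTTP/2 frame-event log lines and flags connections whose open-then-reset rate exceeds a threshold. The log format, field names, 50 ms gap and threshold of 100 are assumptions chosen for illustration.

```python
"""Defender-side detection of the Rapid Reset pattern (CVE-2023-44487).

Added example, not from the original page: flags HTTP/2 connections that open
streams with HEADERS and cancel them with RST_STREAM at an abnormal rate.
The log format, field names, gap and threshold are assumptions.
"""
import re
from collections import defaultdict

# Assumed log line shape: "conn=<id> stream=<n> frame=HEADERS|RST_STREAM ts=<seconds>"
LOG_RE = re.compile(r"conn=(\S+) stream=(\d+) frame=(HEADERS|RST_STREAM) ts=([\d.]+)")

def parse_frames(lines):
    """Yield (conn, stream_id, frame_type, timestamp) for each well-formed line."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), float(m.group(4))

def count_rapid_resets(lines, max_gap=0.05):
    """Count streams per connection that were reset within max_gap seconds
    of being opened; a normal client cancelling a slow request is excluded."""
    opened = {}                      # (conn, stream) -> HEADERS timestamp
    resets = defaultdict(int)
    for conn, stream, frame, ts in parse_frames(lines):
        if frame == "HEADERS":
            opened[(conn, stream)] = ts
        elif (conn, stream) in opened:   # RST_STREAM for a stream we saw opened
            if ts - opened.pop((conn, stream)) <= max_gap:
                resets[conn] += 1
    return dict(resets)

def flag_connections(lines, threshold=100, max_gap=0.05):
    """Return connections whose rapid-reset count reaches the threshold."""
    counts = count_rapid_resets(lines, max_gap)
    return sorted(c for c, n in counts.items() if n >= threshold)

# Constructed sample: conn A opens and resets 200 streams within 0.2 s,
# conn B is an ordinary client that cancels one slow request after 2 s.
SAMPLE_LOG = []
for i in range(200):
    sid = 2 * i + 1   # client-initiated HTTP/2 streams use odd IDs
    SAMPLE_LOG.append(f"conn=A stream={sid} frame=HEADERS ts={i * 0.001:.3f}")
    SAMPLE_LOG.append(f"conn=A stream={sid} frame=RST_STREAM ts={i * 0.001 + 0.0005:.4f}")
SAMPLE_LOG += ["conn=B stream=1 frame=HEADERS ts=0.000",
               "conn=B stream=1 frame=RST_STREAM ts=2.000"]

if __name__ == "__main__":
    print(count_rapid_resets(SAMPLE_LOG))   # {'A': 200}
    print(flag_connections(SAMPLE_LOG))     # ['A']
```

In production the same counter would run per connection inside the HTTP/2 server or proxy, with the response being a GOAWAY or connection close rather than a log entry.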
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias: CVE-2023-44487 (4 votes)
CVE-2023-44487 is a possible alias for Rapid Reset. CVE-2023-44487 is a high-severity vulnerability discovered in web servers supporting HTTP/2, which allows threat actors to exploit the 'stream multiplexing' feature. This flaw enables attackers to send repeated requests and cancel them immediately, leading to a 'Rapid Reset' attack causing Denial of

Alias: Http/2 Rapid Reset (3 votes)
Http/2 Rapid Reset is a possible alias for Rapid Reset. The HTTP/2 Rapid Reset is a software vulnerability (CVE-2023-44487) that was discovered during testing and later disclosed by Cloudflare. This flaw in the design or implementation of the HTTP/2 protocol allows for a type of Distributed Denial-of-Service (DDoS) attack, specifically at layer 7. The vulner
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ddos
Exploit
Google
Zero Day
Aws
Proxy
Denial of Se...
Vulnerability
Microsoft
Source Document References
Information about the Rapid Reset vulnerability was read from the document corpus below. This display is limited to 20 results.
Source, created
CERT-EU, 10 months ago
CERT-EU, a year ago
CERT-EU, a year ago
BankInfoSecurity, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
InfoSecurity-magazine, a year ago
CERT-EU, a year ago
BankInfoSecurity, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
Securityaffairs, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago