HTTP/2 Rapid Reset Attack Impacting NGINX Products

edited October 2023 in Technical

https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/

Double check your nginx config.


Mod Edit for context follows.

This blog post centers on a vulnerability that was recently discovered related to the HTTP/2 protocol. Under certain conditions, this vulnerability can be exploited to execute a denial-of-service attack on NGINX Open Source, NGINX Plus, and related products that implement the server-side portion of the HTTP/2 specification. To protect your systems from this attack, we’re recommending an immediate update to your NGINX configuration. ....

Thanked by (1)FrankZ

Comments

  • well, why don't you put an example which config is vulnerable and how's the advice on how to update it?

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • ialexpwialexpw OGServices Provider

    Seems that most default settings are OK, it's only if you've changed settings related keepalive requests or max streams.

    Relevant snippet;

    Thanked by (2)ATInDaHause xleet
Sign In or Register to comment.