GoFAST - HTTP/2 Rapid Reset Attack (CVE-2023-44487)

    bcrestani (ADMIN SUPPORT-PROD) wrote:

    On October 10, 2023, a vulnerability in the HTTP/2 protocol was discovered, allowing a Denial of Service attack. This vulnerability has been classified with a CVSS 3.x score of 7.5 (HIGH). (https://nvd.nist.gov/vuln/detail/CVE-2023-44487)

    This raises the question of the impact of this vulnerability on GoFAST. Initially, we use the HTTP/2 protocol for the platform's web services. However, we are not affected by this attack, as the values of the "keepalive_requests" and "http2_max_concurrent_streams" parameters are the default values in our web service configuration. You can read the nginx article on this subject here: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/

    We will continue to monitor this vulnerability and, if necessary, add the "limit_conn" and "limit_req" parameters in the next version of GoFAST.

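One way to verify the condition the post relies on, as an added example that is not part of the original post or of GoFAST's code: a small audit that flags an nginx configuration where HTTP/2 is enabled and "keepalive_requests" or "http2_max_concurrent_streams" has been raised above the default, and notes whether "limit_conn" and "limit_req" are present. The default values (1000 and 128) are taken from the nginx documentation, the sample configurations are constructed, and the parser is a simplification that does not follow `include` files.

```python
import re

# nginx built-in defaults (from the nginx documentation; the post only says
# GoFAST keeps "the default values" without quoting them).
DEFAULTS = {"keepalive_requests": 1000, "http2_max_concurrent_streams": 128}
THROTTLES = ("limit_conn", "limit_req")  # extra limits the post may add later

def directives(conf):
    """Split nginx config text into token lists, one per directive."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments
    return [s.split() for s in re.split(r"[;{}]", text) if s.strip()]

def audit(conf):
    """Return (level, directive, detail) findings for Rapid Reset exposure."""
    items = directives(conf)
    http2 = any((d[0] == "listen" and "http2" in d) or d == ["http2", "on"]
                for d in items)
    if not http2:
        return []  # HTTP/2 not enabled: the check does not apply
    findings = []
    for name, default in DEFAULTS.items():
        for d in items:
            if d[0] == name and len(d) > 1 and d[1].isdigit() and int(d[1]) > default:
                findings.append(("WARN", name, f"{d[1]} exceeds default {default}"))
    seen = {d[0] for d in items}
    for name in THROTTLES:
        if name not in seen:
            findings.append(("INFO", name, "not configured"))
    return findings

# Constructed sample configurations (not GoFAST's real files).
DEFAULTS_KEPT = """
http {
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_req_zone  $binary_remote_addr zone=reqs:10m rate=50r/s;
    server {
        listen 443 ssl http2;   # HTTP/2 enabled, both directives left at default
        limit_conn perip 20;
        limit_req  zone=reqs burst=100;
    }
}
"""
RAISED = """
server { listen 443 ssl http2; keepalive_requests 100000;
         http2_max_concurrent_streams 1024; }
"""
for label, conf in (("defaults kept", DEFAULTS_KEPT), ("raised", RAISED)):
    print(label, audit(conf))
```
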