#resourceexhaustion

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:
<p><strong>HTTP/2 <code>CONTINUATION</code> Flood Vulnerability Analysis</strong></p>
<p><strong>Date</strong>: April 3, 2024<br><strong>CVE</strong>: N/A<br><strong>Vulnerability Type</strong>: CWE-400 (Resource Exhaustion)<br><strong>CWE</strong>: [[CWE-400]]<br><strong>Sources</strong>: <a href="https://nowotarski.info/http2-continuation-flood-technical-details" rel="nofollow noopener noreferrer" target="_blank">nowotarski.info</a></p>
<p><strong>Issue Summary</strong></p>
<p>The <code>CONTINUATION Flood</code> vulnerability exploits a flaw in [[HTTP2 protocol]] implementations, causing server resource exhaustion. Identified by Bartek Nowotarski, it demonstrates a significant threat as it allows attackers to disrupt server availability with minimal resources. Unlike traditional attacks, this method is not visible in HTTP access logs, complicating detection and mitigation efforts.</p>
<p><strong>Technical Key findings</strong></p>
<p>Attackers initiate an infinite stream of <code>CONTINUATION</code> frames without the <code>END_HEADERS</code> flag, leading servers to allocate excessive resources for processing, resulting in CPU exhaustion or memory depletion. This vulnerability has been observed across various HTTP/2 implementations, including major servers like [[Apache]] and [[Node.js]]. The flaw's severity is amplified by its low detection rate, as affected requests do not appear in access logs.</p>
<p><strong>Vulnerable products</strong></p>
<p>Affected projects and products include [[Apache httpd]], [[Envoy]], and various HTTP/2 libraries, particularly in languages like [[Golang]], [[Ruby]], and [[Node.js]]. The vulnerability spans across implementations, affecting a broad range of servers utilizing HTTP/2.</p>
<p><strong>Impact assessment</strong></p>
<p>The <code>CONTINUATION Flood</code> vulnerability can severely impact server performance and availability. In extreme cases, it can crash servers or lead to a complete denial of service with minimal attacker effort. Its undetectability in standard logging mechanisms further complicates mitigation, potentially allowing attackers to exploit this vulnerability without immediate detection.</p>
<p><strong>Patches or workaround</strong></p>
<p>As of the reporting date, specific patches or workarounds were not mentioned. However, standard mitigation strategies for similar vulnerabilities include updating affected software, limiting frame sizes, and employing timeouts for incomplete header frame sequences.</p>
<p><strong>Tags</strong></p>
<p><a href="https://infosec.exchange/tags/HTTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTTP</span></a>/2, <a href="https://infosec.exchange/tags/DoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DoS</span></a>, <a href="https://infosec.exchange/tags/ResourceExhaustion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResourceExhaustion</span></a>, <a href="https://infosec.exchange/tags/ServerVulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ServerVulnerability</span></a>, <a href="https://infosec.exchange/tags/SecurityPatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityPatch</span></a></p>
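The mitigations the post above lists (limits and timeouts on incomplete header frame sequences) can be sketched as a per-connection guard; this is an added example, not part of the original post and not code from any affected project. The frame layout and constants follow RFC 9113; `HeaderBlockGuard`, `first_violation` and the default limits are hypothetical names and values chosen for illustration.

```python
import struct

HEADERS, CONTINUATION, END_HEADERS = 0x1, 0x9, 0x4  # frame types, flag (RFC 9113)

def frame(ftype, flags, sid, payload=b""):
    """Serialize a frame: 24-bit length, type, flags, 31-bit stream id."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, sid) + payload

def parse_frames(buf):
    """Yield (type, flags, stream_id, payload) for each complete frame."""
    pos = 0
    while pos + 9 <= len(buf):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, pos)
        end = pos + 9 + ((hi << 16) | lo)
        if end > len(buf):
            break                  # partial frame: wait for more bytes
        yield ftype, flags, sid & 0x7FFFFFFF, buf[pos + 9:end]
        pos = end

class HeaderBlockGuard:  # hypothetical name; the default limits are assumptions
    def __init__(self, max_bytes=16384, max_frames=8, max_seconds=5.0):
        self.max_bytes, self.max_frames, self.max_seconds = max_bytes, max_frames, max_seconds
        self.stream = None         # stream whose header block is still open

    def feed(self, ftype, flags, sid, payload, now):
        """Return None if the frame is acceptable, else a reason to log."""
        if self.stream is None:
            if ftype != HEADERS:
                return "stray CONTINUATION" if ftype == CONTINUATION else None
            self.stream, self.size, self.count, self.start = sid, 0, 0, now
        elif ftype != CONTINUATION or sid != self.stream:
            return "frame interleaved into an open header block"
        # Limits apply while the block is open, before END_HEADERS is ever seen.
        self.size, self.count = self.size + len(payload), self.count + 1
        if self.size > self.max_bytes or self.count > self.max_frames:
            return "header block exceeds size or frame limit"
        if now - self.start > self.max_seconds:
            return "header block timed out"
        if flags & END_HEADERS:
            self.stream = None     # block complete; counters reset on next HEADERS
        return None

def first_violation(buf, guard, now=0.0):
    """Return (frame index, reason) for the first rejected frame, or None."""
    hits = ((i, guard.feed(*fr, now)) for i, fr in enumerate(parse_frames(buf)))
    return next((h for h in hits if h[1]), None)

# Constructed sample (not captured traffic): a header block that is never closed.
UNTERMINATED = frame(HEADERS, 0, 1, b"a" * 10) + 20 * frame(CONTINUATION, 0, 1, b"x" * 10)
```

Because the request never completes, nothing reaches the access log; the reason string returned by `feed` is the event to log at the connection layer before closing the connection.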
Harry Sintonen
<p>Several <a href="https://infosec.exchange/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSSEC</span></a> related <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilities</span></a> disclosed resulting in <a href="https://infosec.exchange/tags/resourceexhaustion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>resourceexhaustion</span></a> and potential <a href="https://infosec.exchange/tags/denialofservice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>denialofservice</span></a> of DNS servers. If you're running DNS server(s) such as <a href="https://infosec.exchange/tags/Bind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bind</span></a>, <a href="https://infosec.exchange/tags/Unbound" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Unbound</span></a> or <a href="https://infosec.exchange/tags/PowerDNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PowerDNS</span></a> update as soon as possible. Apparently also <a href="https://infosec.exchange/tags/dnsmasq" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dnsmasq</span></a> is affected. <a href="https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2024/02/13/dns</span><span class="invisible">sec_vulnerability_internet/</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>