Skip to main content

Decoding HTTP/2 Rapid Reset Zero-Day (CVE-2023-44487) Exploited

Health-ISAC is distributing this bulletin for your situational awareness.

 

width=

On October 10, 2023, DDoS Protection firm CloudFlare, in conjunction with Google and Amazon AWS released a statement regarding the discovery of a zero-day vulnerability which could generate massive hyper-volumetric Distributed Denial of Service (DDoS) attacks. The largest attack ever recorded at CloudFlare before the exploit of HTTP/2 Rapid Reset Zero-Day was 71 million requests per second (rps). The attack using the CVE-2023-44487 resulted in an attack which peaked at over 201 million rps.

This zero-day was brought to the attention of Cloudflare in late August 2023 when it was being developed by an unknown threat actor. Later, Cloudflare observed this zero-day exploit being used in conjunction with DDoS botnets to create DDoS attacks with unprecedented volumes.

NOTE: On October 10, 2023, at 12pm ET, Health-ISAC’s Threat Operations Center held a Spotlight webinar to discuss what Cloudflare has seen: the vulnerability, impacts seen, and recommendations to address the issue.

[pdf-embedder url=”https://h-isac.org/tmp24/wp-content/uploads/2023/10/10-10-Spotlight-webinar-TLP-WHITE-c0fe0cdd-Decoding-HTTP_2-Rapid-Reset-Zero-Day-CVE-2023-44487-Exploited.pdf” title=”10-10 Spotlight webinar TLP WHITE – c0fe0cdd – Decoding HTTP_2 Rapid Reset Zero-Day (CVE-2023-44487) Exploited”]

This site is registered on Toolset.com as a development site.