The HTTP/2 Bomb security flaw is endangering web servers worldwide. As it-daily reports, a single client can bring down a server within seconds using a specially crafted HTTP/2 request. The widely used web servers NGINX, Apache HTTPD, and Microsoft IIS are affected.
The vulnerability exploits a weakness in the HTTP/2 protocol. The bomb request overloads the server’s memory, leading to a denial-of-service (DoS) condition. Attackers need no special privileges or large bandwidth.
Administrators should immediately install patches from vendors or take alternative protective measures. Details on the exact mechanism of the flaw have already been published.
Source: www.it-daily.net



