Loading...
logo logo
We've recently launched our latest blog page, keep up to date with the latest cyber security trends. View Now We've recently launched our latest blog page, keep up to date with the latest cyber security trends.

HTTP/2 CONTINUATION Flood Vulnerability: Protecting Against DoS Attacks

Vecurity Team

Mar 30, 2024 5 min read

Discover the newly identified CONTINUATION frame vulnerability in HTTP/2 protocol, codenamed HTTP/2 CONTINUATION Flood, and learn how it poses a significant risk for DoS attacks on servers. Find out the implications and the recommended mitigation strategies.

Introduction:

The digital security landscape has encountered a new challenge with the discovery of a vulnerability within the HTTP/2 protocol, specifically involving the CONTINUATION frame. This vulnerability, termed the "HTTP/2 CONTINUATION Flood," presents a novel method for potential attackers to initiate denial-of-service (DoS) attacks, threatening server stability and availability.

The Discovery of CONTINUATION Frame Exploit

Security researcher Bartek Nowotarski identified the CONTINUATION Flood vulnerability and reported it to the CERT Coordination Center on January 25, 2024. This issue stems from the mishandling of CONTINUATION frames, a component designed for efficient data transmission in the HTTP/2 protocol.

CERT/CC's Advisory and the Vulnerability's Mechanics

On April 3, 2024, CERT/CC issued an advisory highlighting that many HTTP/2 implementations fail to adequately limit or check the volume of CONTINUATION frames within a single stream, leading to potential server crashes or performance degradation due to out-of-memory conditions.

Understanding HTTP/2 and CONTINUATION Frames

HTTP/2 enhances the HTTP protocol by allowing header fields in requests and responses to be segmented into HEADER and CONTINUATION frames. The CONTINUATION frame, in particular, is used to extend a sequence of header block fragments, which, if misused, can lead to vulnerabilities.

The Threat: CONTINUATION Flood Explained

The CONTINUATION Flood vulnerability enables an attacker to create an unending stream of headers by sending HEADERS and CONTINUATION frames without the END_HEADERS flag. This relentless stream overwhelms the server's capacity to parse and store the information, leading to crashes or significant slowdowns.

Impact and Severity of the Vulnerability

Compared to previous threats like the Rapid Reset attack, the CONTINUATION Flood poses a more severe risk due to its ability to disrupt server availability with minimal effort from a single machine or TCP connection.

Affected Software and Mitigation Measures

Notable projects impacted by this vulnerability include Apache HTTP Server, Apache Tomcat, and Node.js, among others. Users of these projects are urged to update their software to the latest versions to mitigate the risks associated with this exploit.

Recommendations for Server Administrators

In the absence of immediate patches, server administrators may need to consider temporarily disabling HTTP/2 to safeguard against potential exploits, ensuring the continuity and security of their digital infrastructure.

Conclusion / TLDR:

The discovery of the CONTINUATION Flood vulnerability within the HTTP/2 protocol underscores the need for continuous vigilance and timely updates in the cybersecurity realm. By understanding the nature of this exploit and implementing recommended safeguards, organizations can protect themselves against potential DoS attacks.

Here at Vecurity, we can help with this problem, and you can learn more about our DDOS Protection here.

Subscribe to our newsletter

Stay ahead of the curve with our instant, informative security insights, straight to your mailbox.