Skip to content

Addressing the HTTP/2 CONTINUATION Flood Vulnerability

Original Post: HTTP/2 CONTINUATION Flood Vulnerability

HTTP/2 is a web communication protocol that divides data transmission into smaller messages called frames. HEADER frames are used to transmit HTTP headers and can be marked with flags like END_HEADERS and END_STREAM. A recent vulnerability, known as HTTP/2 CONTINUATION Flood, leverages the CONTINUATION frame to create an infinite stream of headers that can lead to Denial-of-Service attacks. Imperva’s Cloud WAF includes security mechanisms to prevent such attacks and offers additional protection for HTTP/2 connections. Imperva Threat Research is monitoring for new developments related to this vulnerability.

Go here to read the Original Post

Leave a Reply

Your email address will not be published. Required fields are marked *