HTTP/2, Brute! Then fall, server. Admin! Ops! The server is dead

HTTP/2, Brute! Then fall, server. Admin! Ops! The server is dead

Beware the denials of service: Netflix warns of eight networking bugs


On Tuesday, Netflix, working in conjunction with Google and CERT/CC, published a security advisory covering a series of vulnerabilities that enable denial of service attacks against servers running HTTP/2 services.


HTTP/2, like earlier versions, governs the application layer of the internet stack; it runs atop the transport layer (TCP), the network layer (IP), and data link layer of the internet. The eight CVEs disclosed do not allow information disclosure or modification, but they could be employed to overload servers.


"Today, a number of vendors have announced patches to correct this suboptimal behavior," the media streaming biz said in its post. "While we haven’t detected these vulnerabilities in our open source packages, we ar ..

Support the originator by clicking the read the rest link below.