New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.

The vulnerability has been codenamed HTTP/2 Bomb by Calif.

„The vulnerable behavior exists in each server’s default HTTP/2 configuration,“ the company said, adding it was discovered by OpenAI Codex by chaining

Quelle: Zum Originalbeitrag