CVE-2023-44487: HTTP/2 Rapid Reset DDoS

Severity: 7.5 HIGH
Published: 2023-10-10
Affected: Multiple HTTP/2 implementations
CWE-400

What is the HTTP/2 Rapid Reset attack?

HTTP/2 Rapid Reset is a novel DDoS attack vector that exploits the HTTP/2 RST_STREAM frame. Attackers rapidly open and cancel streams, consuming server resources while minimizing bandwidth usage. The technique enabled attacks exceeding 398 million requests per second.
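
One way to spot the open-then-cancel pattern described above in per-connection frame events, as an added example (not Precogs or vendor code). The event tuple format, the `CLOSED` event name, and all thresholds are assumptions to tune per deployment.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the advisory); tune per deployment.
WINDOW_S = 1.0          # sliding window length, seconds
MAX_RAPID_RESETS = 100  # rapid client cancels tolerated per window
RAPID_S = 0.05          # HEADERS -> RST_STREAM gap that counts as "rapid"

def find_rapid_reset_conns(events, window=WINDOW_S, limit=MAX_RAPID_RESETS,
                           rapid=RAPID_S):
    """events: (ts, conn_id, event, stream_id) tuples ordered by ts, where
    event is a client-sent HEADERS or RST_STREAM frame, or the hypothetical
    CLOSED event for a stream that completed normally.
    Returns {conn_id: timestamp at which the connection was first flagged}."""
    opened = defaultdict(dict)   # conn -> {stream_id: time HEADERS was seen}
    resets = defaultdict(deque)  # conn -> rapid-reset timestamps in window
    flagged = {}
    for ts, conn, event, sid in events:
        if event == "HEADERS":
            opened[conn].setdefault(sid, ts)
        elif event == "CLOSED":
            opened[conn].pop(sid, None)
        elif event == "RST_STREAM":
            t0 = opened[conn].pop(sid, None)
            if t0 is None or ts - t0 > rapid:
                continue         # unknown stream, or an ordinary late cancel
            q = resets[conn]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()      # drop resets that fell out of the window
            if len(q) > limit and conn not in flagged:
                flagged[conn] = ts
    return flagged

def sample_events():
    """Constructed sample traffic, not captured data."""
    ev = []
    for i in range(20):   # conn A: browser-like, 2 of 20 cancelled at 300 ms
        sid, t = 2 * i + 1, i * 0.1
        ev.append((t, "A", "HEADERS", sid))
        ev.append((t + 0.3, "A", "RST_STREAM" if i % 10 == 0 else "CLOSED", sid))
    for i in range(500):  # conn B: 500 streams opened and cancelled at once
        sid, t = 2 * i + 1, 0.5 + i * 0.001
        ev.append((t, "B", "HEADERS", sid))
        ev.append((t + 0.0005, "B", "RST_STREAM", sid))
    return sorted(ev)

if __name__ == "__main__":
    print(find_rapid_reset_conns(sample_events()))
```

A flagged connection is a candidate for a GOAWAY and close; occasional late cancels, as on connection A, stay below the threshold.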

Impact & Exploitation

The technique was used in the largest DDoS attacks in history (Google reported 398M rps). It affected every major HTTP/2 implementation, including Nginx, Apache, and cloud load balancers.

How Precogs AI Detects HTTP/2 Rapid Reset DDoS

Precogs AI Binary DAST detects HTTP/2 rapid reset susceptibility in compiled web servers and load balancers during runtime security testing.

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.