Threat actors could leverage the novel HTTP/2 Continuation Flood denial-of-service attack technique to launch DDoS attacks more severe than the record-breaking ones enabled by the Rapid Reset approach last year, according to SecurityWeek.
The Continuation Flood method, which exploits vulnerabilities in various implementations of the HTTP/2 protocol, could be used from a single machine to disrupt any website or API that relies on HTTP/2, indicating a significantly greater threat than Rapid Reset, noted cybersecurity researcher Bartek Nowotarski, who discovered the attack technique. Detecting exploitation is also challenging because the requests are not visible in HTTP access logs.
"Had it been exploited in the wild, this would have been very hard to debug without proper HTTP/2 knowledge by the server administrators. This is due to the fact that none of the malicious HTTP requests connected to this vulnerability is properly closed," said Nowotarski.
Meanwhile, various vendors have already been issuing fixes for implementations affected by the Continuation Flood issue.