HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487)
In the wake of the active exploitation of CVE-2023-44487, the HTTP/2 Rapid Reset attack, Qualys has taken steps to help organisations detect and mitigate the threat. The attack abuses HTTP/2 stream multiplexing: a client opens a stream with a HEADERS frame and immediately cancels it with RST_STREAM. The cancelled stream no longer counts toward the server's SETTINGS_MAX_CONCURRENT_STREAMS limit, but the server has already begun work on the request. Repeated at high rate, a single connection can drive far more server work than the stream limit was meant to allow, exhausting resources and causing a denial of service.
Qualys has released a series of QIDs (Qualys IDs) to support detection and remediation of this vulnerability across a range of technologies. For instance, the HTTP/2 status of Citrix NetScaler, including its Maximum Concurrent Streams setting, can now be checked with Qualys Custom Assessment and Remediation (CAR). Similarly, the status of the 'HTTP/2' feature on Windows and IIS hosts, and the 'concurrent-streams-per-connection' setting on F5 BIG-IP, can be evaluated using CAR.
Qualys Policy Compliance Control IDs have also been updated to cover the vendor-recommended mitigations for this issue. For NGINX this includes the status of the 'limit_req', 'limit_conn' and 'keepalive_requests' directives across the http context and individual server blocks and locations, which bound request rate, concurrent connections per client, and the number of requests a single keep-alive connection may serve.
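As an added example (not Qualys's CAR script or Policy Compliance control, neither of which the page shows), here is a small Python audit that performs the kind of check described above for NGINX: it parses a config, confirms that `limit_req` and `limit_conn` are applied and reference declared zones, and flags `keepalive_requests` and `http2_max_concurrent_streams` values above a threshold. The thresholds and the two config fragments are constructed for this example; substitute your own control values.

```python
import re

# Thresholds for the audit. These are this example's assumptions, not
# Qualys control values or NGINX defaults.
KEEPALIVE_REQUESTS_MAX = 1000
CONCURRENT_STREAMS_MAX = 128

# One match per config element: comment | block header | block close | directive
STMT_RE = re.compile(r'(#[^\n]*)|([^{};#]+?)\s*\{|(\})|([^{};#]+?)\s*;')


def parse_nginx(text):
    """Flatten an nginx config into (context, directive, args) tuples.

    Minimal parser for the example: no include, quoting or map blocks.
    Context is the path of enclosing blocks, e.g. 'http/server/location /'.
    """
    entries, stack, pos, n = [], [], 0, len(text)
    while True:
        while pos < n and text[pos].isspace():
            pos += 1
        if pos >= n:
            break
        m = STMT_RE.match(text, pos)
        if not m:
            raise ValueError(f"unparseable config at offset {pos}")
        _comment, header, close, stmt = m.groups()
        if header is not None:
            stack.append(" ".join(header.split()))
        elif close is not None:
            stack.pop()
        elif stmt is not None:
            parts = stmt.split()
            entries.append(("/".join(stack) or "main", parts[0], parts[1:]))
        pos = m.end()
    if stack:
        raise ValueError("unbalanced braces in config")
    return entries


def _declared_zone(args):
    """Zone name from a limit_req_zone / limit_conn_zone declaration (zone=name:size)."""
    for a in args:
        if a.startswith("zone="):
            return a[5:].split(":")[0]
    return None


def _referenced_zone(directive, args):
    """Zone referenced by a limit_req (zone=name) or limit_conn (name number) use."""
    if directive == "limit_conn":
        return args[0] if args else None
    return _declared_zone(args)


def audit_nginx(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    declared = {"limit_req": set(), "limit_conn": set()}
    seen = {"limit_req": [], "limit_conn": [], "keepalive_requests": [],
            "http2_max_concurrent_streams": []}
    for ctx, name, args in parse_nginx(text):
        if name in ("limit_req_zone", "limit_conn_zone"):
            declared[name[:-5]].add(_declared_zone(args))
        elif name in seen:
            seen[name].append((ctx, args))

    for directive in ("limit_req", "limit_conn"):
        if not seen[directive]:
            findings.append(f"{directive} not configured in any context")
        for ctx, args in seen[directive]:
            zone = _referenced_zone(directive, args)
            if zone not in declared[directive]:
                findings.append(f"{ctx}: {directive} references undefined zone {zone!r}")

    if not seen["keepalive_requests"]:
        findings.append("keepalive_requests not set explicitly; verify the build's default")
    for ctx, args in seen["keepalive_requests"]:
        if int(args[0]) > KEEPALIVE_REQUESTS_MAX:
            findings.append(f"{ctx}: keepalive_requests {args[0]} exceeds {KEEPALIVE_REQUESTS_MAX}")

    for ctx, args in seen["http2_max_concurrent_streams"]:
        if int(args[0]) > CONCURRENT_STREAMS_MAX:
            findings.append(f"{ctx}: http2_max_concurrent_streams {args[0]} exceeds {CONCURRENT_STREAMS_MAX}")
    return findings


# Constructed sample configs: one with the weak settings, one hardened.
WEAK_CONFIG = """
http {
    keepalive_requests 100000;          # effectively unbounded per connection
    http2_max_concurrent_streams 1024;
    server {
        listen 443 ssl http2;
        location / {
            limit_req zone=perip burst=20;   # zone never declared
            proxy_pass http://backend;
        }
    }
}
"""

HARDENED_CONFIG = """
http {
    limit_req_zone $binary_remote_addr zone=perip:10m rate=10r/s;
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    keepalive_requests 1000;
    http2_max_concurrent_streams 128;
    server {
        listen 443 ssl http2;
        limit_conn addr 50;
        location / {
            limit_req zone=perip burst=20 nodelay;
            proxy_pass http://backend;
        }
    }
}
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_nginx(cfg) or ["OK"])
```

The weak config produces four findings (an undeclared `limit_req` zone, no `limit_conn`, and both numeric limits above threshold); the hardened one produces none. Run it against a real config with `audit_nginx(open("/etc/nginx/nginx.conf").read())`, bearing in mind that the parser ignores `include`, so audit the fully assembled config (for example the output of `nginx -T`).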
The Qualys Threat Research Unit continues to release additional QIDs in response to this attack. It advises organisations to deploy comprehensive HTTP-flood protection, strengthen DDoS defences, apply rate controls, and install the patches vendors have released for this vulnerability.
Qualys can also help identify exposed assets by evaluating vendor-suggested mitigations with Policy Compliance (PC) and CAR. Customers can launch a Web Application Scanning (WAS) scan to detect exposure to CVE-2023-44487; QID 150732 is reported when a vulnerable Apache Tomcat server is found.
Because the vulnerability is under active exploitation, organisations should prioritise patching affected servers and proxies and verify the mitigations above on systems that cannot yet be updated.