In a joint disclosure by several well-known cloud computing, SaaS, and CDN operators, a new HTTP/2 application-layer DDoS attack vector (CVE-2023-44487) has been described which has been used in the wild to generate high-impact DDoS attacks specifically targeting HTTP/2-enabled servers, services, and applications on their respective service delivery platforms.
HTTP/2 ‘Rapid Reset’ Application-Layer DDoS Attacks Targeting Shared Cloud Computing, SaaS, and CDN Infrastructure Providers
