HTTP/2 Rapid Reset Attack Impacting NGINX Products

www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/

Double check your nginx config.


Mod Edit for context follows.

This blog post centers on a vulnerability that was recently discovered related to the HTTP/2 protocol. Under certain conditions, this vulnerability can be exploited to execute a denial-of-service attack on NGINX Open Source, NGINX Plus, and related products that implement the server-side portion of the HTTP/2 specification. To protect your systems from this attack, we’re recommending an immediate update to your NGINX configuration. ….

Read more here: Source link