Synology Security Synology-SA-23:14 HTTP/2 Rapid Reset Attack


More information on this vulnerability can be found in one of the links in the security alert.

The Problem with HTTP/2 Stream Resets

After establishing a connection with a server, the HTTP/2 protocol allows clients to initiate concurrent streams for data exchange. Unlike previous iterations of the protocol, if an end user decides to navigate away from the page or halt data exchange for any other reason, HTTP/2 provides a method for canceling the stream. It does this by issuing an RST_STREAM frame to the server, saving it from executing work needlessly.

The vulnerability is exploited by initiating and rapidly canceling a large number of HTTP/2 streams over an established connection, thereby circumventing the server’s concurrent stream maximum. This happens because incoming streams are reset faster than subsequent streams arrive, allowing the client to overload the server without ever reaching its configured threshold.

From other reading, this sounds like a pure denial of service rather than data exfiltration.
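The mitigation that follows from the description above is to budget RST_STREAM frames per connection rather than relying only on the concurrent-stream limit. This is an added example, not code from the advisory or from Synology; the window and reset thresholds are assumed values, and the frame sequence it replays is constructed in-process to show why the concurrency limit alone never trips.

```go
package main

import (
	"fmt"
	"time"
)

// ResetGuard budgets RST_STREAM frames per connection over a sliding window,
// complementing SETTINGS_MAX_CONCURRENT_STREAMS, which a rapid reset flood never
// reaches. Thresholds used in main are illustrative assumptions, not defaults.
type ResetGuard struct {
	Window    time.Duration
	MaxResets int
	Active    int         // streams currently open on this connection
	resets    []time.Time // RST_STREAM timestamps still inside the window
}
// OnHeaders records a stream opened by a HEADERS frame.
func (g *ResetGuard) OnHeaders() { g.Active++ }
// OnReset records an RST_STREAM frame at now and reports whether the connection
// has exhausted its reset budget and should be closed with GOAWAY.
func (g *ResetGuard) OnReset(now time.Time) bool {
	g.Active--
	for len(g.resets) > 0 && g.resets[0].Before(now.Add(-g.Window)) {
		g.resets = g.resets[1:] // age out resets that fell outside the window
	}
	g.resets = append(g.resets, now)
	return len(g.resets) > g.MaxResets
}

// Simulate replays a constructed flood: each HEADERS frame is followed at once by
// RST_STREAM, gap apart. Returns the reset index that tripped the guard (-1 if none)
// and the peak concurrency the server saw, which stays at 1 for this pattern.
func Simulate(g *ResetGuard, streams int, gap time.Duration) (tripped, peak int) {
	t := time.Unix(0, 0)
	for i := 0; i < streams; i++ {
		g.OnHeaders()
		if g.Active > peak {
			peak = g.Active
		}
		if g.OnReset(t) {
			return i, peak
		}
		t = t.Add(gap)
	}
	return -1, peak
}

func main() {
	tripped, peak := Simulate(&ResetGuard{Window: time.Second, MaxResets: 100}, 5000, time.Millisecond)
	fmt.Printf("peak concurrency %d, reset budget tripped at reset #%d\n", peak, tripped)
}
```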
