Synology Security Synology-SA-23:14 HTTP/2 Rapid Reset Attack


More information on this vulnerability can be found in one of the links in the security alert.

The Problem with HTTP/2 Stream Resets

After establishing a connection with a server, the HTTP/2 protocol allows clients to initiate concurrent streams for data exchange. Unlike previous iterations of the protocol, if an end user decides to navigate away from the page or halt data exchange for any other reason, HTTP/2 provides a method for canceling the stream. It does this by issuing an RST_STREAM frame to the server, saving it from executing work needlessly.

The vulnerability is exploited by initiating and rapidly canceling a large number of HTTP/2 streams over an established connection, thereby circumventing the server’s concurrent stream maximum. This happens because incoming streams are reset faster than subsequent streams arrive, allowing the client to overload the server without ever reaching its configured threshold.

From other reading, this sounds like a pure denial of service rather than data exfiltration.
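The paragraph above explains why a per-connection concurrent-stream cap (SETTINGS_MAX_CONCURRENT_STREAMS) never fires during a Rapid Reset flood: every stream is cancelled before the next one opens, so concurrency stays near one while the server still pays the setup cost for each stream. The defensive answer most servers shipped is to budget RST_STREAM frames per connection per time window in addition to the stream cap. The following is an added example written for this thread, not code from Synology's advisory, the quoted article or the poster; it models constructed frame traffic for two hypothetical connections ("browser" and "rapid_reset") and shows that the concurrency cap is never exceeded on either, while a reset-rate budget (hypothetical values of 200 resets per 1 s window) flags only the abusive one.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Frame:
    """A minimal model of one HTTP/2 frame arrival (constructed, not parsed)."""
    conn_id: str    # which client connection the frame arrived on
    t: float        # arrival time in seconds, relative to connection start
    kind: str       # "HEADERS" opens a stream, "RST_STREAM" cancels one
    stream_id: int  # client-initiated stream ids are odd


class ConnectionMonitor:
    """Tracks per-connection stream concurrency and RST_STREAM rate.

    max_streams mirrors the server's SETTINGS_MAX_CONCURRENT_STREAMS value.
    rst_limit / window is the extra budget that catches Rapid Reset:
    more than rst_limit cancellations inside any sliding window flags the
    connection (the numbers here are assumptions for the example).
    """

    def __init__(self, max_streams: int = 100, rst_limit: int = 200, window: float = 1.0):
        self.max_streams = max_streams
        self.rst_limit = rst_limit
        self.window = window
        self._active: Dict[str, set] = defaultdict(set)      # open stream ids per connection
        self._rst_times: Dict[str, deque] = defaultdict(deque)  # recent reset timestamps
        self.peak: Dict[str, int] = defaultdict(int)           # highest concurrency seen
        self.flagged: set = set()                              # connections over the reset budget

    def observe(self, f: Frame) -> None:
        if f.kind == "HEADERS":
            self._active[f.conn_id].add(f.stream_id)
            self.peak[f.conn_id] = max(self.peak[f.conn_id], len(self._active[f.conn_id]))
        elif f.kind == "RST_STREAM":
            # The reset frees the concurrency slot immediately, which is exactly
            # why the stream cap alone cannot see the flood.
            self._active[f.conn_id].discard(f.stream_id)
            recent = self._rst_times[f.conn_id]
            recent.append(f.t)
            while recent and f.t - recent[0] > self.window:
                recent.popleft()  # drop resets that fell out of the sliding window
            if len(recent) > self.rst_limit:
                self.flagged.add(f.conn_id)

    def report(self) -> Dict[str, dict]:
        return {
            conn: {
                "peak_concurrent": self.peak[conn],
                "exceeded_max_streams": self.peak[conn] > self.max_streams,
                "flagged_rst_rate": conn in self.flagged,
            }
            for conn in self.peak
        }


def build_sample_traffic() -> List[Frame]:
    """Constructed sample traffic for two hypothetical client connections."""
    frames: List[Frame] = []
    # "browser": 40 page resources opened over 4 s, 5 of them cancelled later
    # (the legitimate navigate-away case described in the advisory text).
    for i in range(40):
        frames.append(Frame("browser", 0.1 * i, "HEADERS", 2 * i + 1))
    for i in range(5):
        frames.append(Frame("browser", 4.5 + 0.01 * i, "RST_STREAM", 2 * i + 1))
    # "rapid_reset": 1000 streams, each cancelled 0.1 ms after it is opened,
    # all inside half a second. Concurrency never rises above one stream.
    for i in range(1000):
        t = 0.0005 * i
        frames.append(Frame("rapid_reset", t, "HEADERS", 2 * i + 1))
        frames.append(Frame("rapid_reset", t + 0.0001, "RST_STREAM", 2 * i + 1))
    frames.sort(key=lambda fr: fr.t)  # interleave the two connections by arrival time
    return frames


def analyze(frames: List[Frame], **monitor_kwargs) -> Dict[str, dict]:
    """Feed frames through the monitor and return the per-connection verdicts."""
    monitor = ConnectionMonitor(**monitor_kwargs)
    for f in frames:
        monitor.observe(f)
    return monitor.report()


if __name__ == "__main__":
    for conn, verdict in analyze(build_sample_traffic()).items():
        print(conn, verdict)
```

Run as a script it prints one verdict per connection: "rapid_reset" reports a peak concurrency of 1 (so the stream cap never triggers) but is flagged by the reset budget, while "browser" is clean on both counts. The same sliding-window idea is what a server would apply before handing the stream to an application worker; which threshold is appropriate depends on the real traffic mix, so measure RST_STREAM rates of legitimate clients before choosing one.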
 
