Multiple HTTP/2 Implementation Vulnerabilities

Original release date: August 14, 2019

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS) condition. Attacks can consume excessive system resources and lead to distributed DoS (DDoS) attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#605641 for more information and refer to vendors for updates.

This product is provided subject to this Notification and this Privacy & Use policy.