SecurityWeek

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

The HTTP/2 Bomb exploit chains two known denial-of-service (DoS) attack techniques to knock major web servers offline.
The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
InfoQ

LinkedIn Migrates Espresso to HTTP2 and Reduces Connections by 88% and Latency by 75%

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Pro-Linux

Sicherheit: Denial of Service in mod_http2

Support und Foren rund um Linux, OpenSource und Freie Software. Angebote wie News, Berichte, Workshops, Tipps, Links und Kalender.
TWCN Tech News

ERR_HTTP2_Inadequate_Transport_Security error in Chrome

This post talks about how to fix ERR HTTP2 Inadequate Transport Security error in Google Chrome. Some users have encountered this error message while connecting to a ...
IT News For Australia Business

HTTP2 bug plagues web servers

A common misconfiguration in popular web servers that support HTTP2 exposes them to low-effort denial-of-service attacks, according to security researcher Bartek Nowotarski. What Nowotarski calls the ...