HTTP/2 vulnerability: CONTINUATION Flood

Is there any announcement from AWS about the newly discovered HTTP/2 vulnerability and if/how it affects AWS HTTP/2-related services?

Vulnerability discovery announcement: https://nowotarski.info/http2-continuation-flood/

Sorry in advance if there is something posted which I haven't found!

1 Answer
Accepted Answer

AWS is aware of a recent publication from CERT/CC [1] related to HTTP/2 CONTINUATION frames, which can be used in a denial of service (DoS) attack. CloudFront, Application Load Balancer, and API Gateway are not affected by this issue.

Customers running their own web servers should use AWS Shield Advanced [2] and engage the Shield Response Team [3] to deploy mitigations in the event of a DoS attack.

Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.

[1] https://www.kb.cert.org/vuls/id/421644

[2] https://docs.aws.amazon.com/waf/latest/developerguide/aws-shield-use-case.html

[3] https://docs.aws.amazon.com/waf/latest/developerguide/ddos-srt-contacting.html

AWS
answered a month ago
EXPERT
reviewed a month ago
  • Thanks for your answer! My main concern was about CloudFront, Application Load Balancer, and API Gateway :)
