1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
1
AWS is aware of a recent publication from CERT/CC [1] related to HTTP/2 CONTINUATION frames, which can be used in a denial of service (DoS) attack. CloudFront, Application Load Balancer, and API Gateway are not affected by this issue.
Customers running their own web servers should use AWS Shield Advanced [2] and engage the Shield Response Team [3] to deploy mitigations in the event of a DoS attack.
Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
[1] https://www.kb.cert.org/vuls/id/421644
[2] https://docs.aws.amazon.com/waf/latest/developerguide/aws-shield-use-case.html
[3] https://docs.aws.amazon.com/waf/latest/developerguide/ddos-srt-contacting.html
con risposta un mese fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa
Thanks for your answer! My main concern was about CloudFront, Application Load Balancer, and API Gateway :)