AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

HTTP/2 vulnerability: CONTINUATION Flood

0

Is there any announcement from AWS for the new http/2 vulnerability discovered and if/how affects AWS http/2 related services?

Vulnerability discovery announcement: https://nowotarski.info/http2-continuation-flood/

Sorry in advance if there is something posted which I haven't found!

주제
보안, 신원 및 규정 준수네트워킹 및 콘텐츠 전송
태그
보안, 신원 및 규정 준수아마존 CloudFront애플리케이션 로드 밸런서
언어
English
fotag
질문됨 한 달 전288회 조회
1개 답변
1
수락된 답변

AWS is aware of a recent publication from CERT/CC [1] related to HTTP/2 CONTINUATION frames, which can be used in a denial of service (DoS) attack. CloudFront, Application Load Balancer, and API Gateway are not affected by this issue.

Customers running their own web servers should use AWS Shield Advanced [2] and engage the Shield Response Team [3] to deploy mitigations in the event of a DoS attack.

Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.

[1] https://www.kb.cert.org/vuls/id/421644

[2] https://docs.aws.amazon.com/waf/latest/developerguide/aws-shield-use-case.html

[3] https://docs.aws.amazon.com/waf/latest/developerguide/ddos-srt-contacting.html

AWS
Yaniv Rozenboim
답변함 한 달 전
profile picture
전문가
Oleksii Bebych
검토됨 한 달 전
  • fotag
    한 달 전

    Thanks for your answer! My main concern was about CloudFront, Application Load Balancer, and API Gateway :)

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠