HTTP/2 vulnerability: CONTINUATION Flood


Is there any announcement from AWS for the new http/2 vulnerability discovered and if/how affects AWS http/2 related services?

Vulnerability discovery announcement:

Sorry in advance if there is something posted which I haven't found!

1 Answer
Accepted Answer

AWS is aware of a recent publication from CERT/CC [1] related to HTTP/2 CONTINUATION frames, which can be used in a denial of service (DoS) attack. CloudFront, Application Load Balancer, and API Gateway are not affected by this issue.

Customers running their own web servers should use AWS Shield Advanced [2] and engage the Shield Response Team [3] to deploy mitigations in the event of a DoS attack.

Security-related questions or concerns can be brought to our attention via




profile pictureAWS
answered 2 months ago
profile picture
reviewed 2 months ago
  • Thanks for your answer! My main concern was about CloudFront, Application Load Balancer, and API Gateway :)

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions