1 Answer
- Newest
- Most votes
- Most comments
1
AWS is aware of a recent publication from CERT/CC [1] related to HTTP/2 CONTINUATION frames, which can be used in a denial of service (DoS) attack. CloudFront, Application Load Balancer, and API Gateway are not affected by this issue.
Customers running their own web servers should use AWS Shield Advanced [2] and engage the Shield Response Team [3] to deploy mitigations in the event of a DoS attack.
Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
[1] https://www.kb.cert.org/vuls/id/421644
[2] https://docs.aws.amazon.com/waf/latest/developerguide/aws-shield-use-case.html
[3] https://docs.aws.amazon.com/waf/latest/developerguide/ddos-srt-contacting.html
answered 20 days ago
Relevant content
- asked 2 years ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Thanks for your answer! My main concern was about CloudFront, Application Load Balancer, and API Gateway :)