A new HTTP/2 DoS vulnerability, CVE-2025-8671, allows attackers to cause server overloads by bypassing existing mitigations, mainly affecting unpatched implementations. Many vendors have responded with fixes, but some systems remain vulnerable. #HTTP2Vulnerability #MadeYouReset
Key points
- A new DoS vulnerability, CVE-2025-8671, exploits a flaw in certain HTTP/2 server implementations.
- The vulnerability bypasses protections from the “Rapid Reset” flaw by allowing unbounded concurrent server work.
- Discovered by Tel Aviv University researchers, the flaw can be exploited using crafted invalid control frames.
- Major vendors like Cloudflare and Akamai have confirmed their systems are not vulnerable.
- Many affected vendors, including Apache Tomcat and IBM WebSphere, have issued fixes or mitigations.
Read More: https://thecyberexpress.com/new-http-2-dos-vulnerability/