A critical flaw in server management software now lets hackers bypass key security measures – could this vulnerability leave your servers wide open to attack? Find out how a new discovery is shaking up cybersecurity.

https://thedefendopsdiaries.com/understanding-and-mitigating-cve-2024-54085-a-critical-bmc-vulnerability/

#cve202454085
#bmcsecurity
#servervulnerability
#authenticationbypass
#cybersecurity

HTTP/2 CONTINUATION Flood Vulnerability Analysis

Date: April 3, 2024
CVE: N/A
Vulnerability Type: CWE-400 (Resource Exhaustion)
CWE: [[CWE-400]]
Sources: nowotarski.info

Issue Summary

The CONTINUATION Flood vulnerability exploits a flaw in [[HTTP2 protocol]] implementations, causing server resource exhaustion. Identified by Bartek Nowotarski, it demonstrates a significant threat as it allows attackers to disrupt server availability with minimal resources. Unlike traditional attacks, this method is not visible in HTTP access logs, complicating detection and mitigation efforts.

Technical Key findings

Attackers initiate an infinite stream of CONTINUATION frames without the END_HEADERS flag, leading servers to allocate excessive resources for processing, resulting in CPU exhaustion or memory depletion. This vulnerability has been observed across various HTTP/2 implementations, including major servers like [[Apache]] and [[Node.js]]. The flaw's severity is amplified by its low detection rate, as affected requests do not appear in access logs.

Vulnerable products

Affected projects and products include [[Apache httpd]], [[Envoy]], and various HTTP/2 libraries, particularly in languages like [[Golang]], [[Ruby]], and [[Node.js]]. The vulnerability spans across implementations, affecting a broad range of servers utilizing HTTP/2.

Impact assessment

The CONTINUATION Flood vulnerability can severely impact server performance and availability. In extreme cases, it can crash servers or lead to a complete denial of service with minimal attacker effort. Its undetectability in standard logging mechanisms further complicates mitigation, potentially allowing attackers to exploit this vulnerability without immediate detection.

Patches or workaround

As of the reporting date, specific patches or workarounds were not mentioned. However, standard mitigation strategies for similar vulnerabilities include updating affected software, limiting frame sizes, and employing timeouts for incomplete header frame sequences.

Tags

#HTTP/2, #DoS, #ResourceExhaustion, #ServerVulnerability, #SecurityPatch

#ActuLibre GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat -> http://feedproxy.google.com/~r/TheHackersNews/~3/6hrVzZ1lzyw/ghostcat-new-high-risk-vulnerability.html #remotecodeexecution #remotefileinclusion #servervulnerability #Localfileinclusion #serversecurity #Apacheexploit #ApacheTomcat #TomcatServer #hackingnews #Apache

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat https://thehackernews.com/2020/02/ghostcat-new-high-risk-vulnerability.html #remotecodeexecution #remotefileinclusion #servervulnerability #Localfileinclusion #serversecurity #Apacheexploit #ApacheTomcat #TomcatServer #hackingnews #Apache