
If you thought this would be a quiet week, I have some bad news. Security researchers have just disclosed a new, potentially catastrophic vulnerability in the HTTP/2 protocol. It has been dubbed "CONTINUATION Flood" (designated CVE-2025-43177), and it looks like it could cause a lot of trouble.
In a nutshell, the HTTP/2 protocol, which powers a significant portion of the modern internet, has a flaw. An attacker can send a series of specially crafted packets (CONTINUATION frames) to a server without a proper termination signal. The server, attempting to process this endless stream of data, consumes all available RAM and CPU power, leading to it freezing or becoming completely paralyzed.
The worst part is that a single connection and a single computer are enough to carry out such an attack. You don't need an army of botnets to take down even a powerful machine. This makes "CONTINUATION Flood" an extremely dangerous tool for conducting Denial of Service (DoS) attacks.
To better understand what's happening "under the hood," let's walk through a simplified attack scenario. Imagine a conversation between a client and a server:
1. The client sends a HEADERS frame. Think of it as starting a letter by writing the recipient's address. However, a small technical detail is key here: the END_HEADERS flag is not set in this frame. This signals to the server, "Hey, this isn't all the headers, I'll send the rest in subsequent packets!"
2. The client then sends a stream of CONTINUATION frames. None of them have the END_HEADERS flag either.
3. The server receives each CONTINUATION frame, assembles them in memory, and waits for the end signal that never arrives. This leads to a rapid exhaustion of memory (RAM) and pushes CPU usage to 100%, ultimately causing the server to crash and resulting in a denial of service for legitimate users.

The "genius" of this attack lies in using a legitimate feature of the protocol in a malicious way, making it difficult to detect with traditional security systems.
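To make the reassembly step concrete, here is an added example (my own code, not from the original post and not from any real HTTP/2 implementation) that parses the 9-byte HTTP/2 frame header and reassembles a header block from HEADERS plus CONTINUATION frames. The assembler can run in two modes: unbounded, which buffers until END_HEADERS arrives and therefore grows with the input exactly as described above, and bounded, which closes the connection once the accumulated header block exceeds a byte limit or a CONTINUATION-frame count. The limits `max_block_bytes` and `max_continuations`, the error strings, and the constructed sample stream are my assumptions for illustration; real servers pick their own limits, and the actual fix is the vendor patch.

```python
import struct

# HTTP/2 frame types and flags (RFC 9113)
FRAME_HEADERS = 0x1
FRAME_CONTINUATION = 0x9
FLAG_END_HEADERS = 0x4
FRAME_HEADER_LEN = 9


def build_frame(ftype, flags, stream_id, payload):
    """Encode one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id, payload."""
    return (struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload)


def parse_frames(data):
    """Yield (type, flags, stream_id, payload) from back-to-back frames in a byte string."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            raise ValueError("truncated frame")
        yield ftype, flags, stream_id, payload
        off += FRAME_HEADER_LEN + length


class HeaderBlockAssembler:
    """Reassembles a header block. With no limits it behaves like the unbounded
    accumulator described in the post; with limits (assumed here) it aborts the
    connection as soon as either limit is exceeded, before decoding anything."""

    def __init__(self, max_block_bytes=None, max_continuations=None):
        self.max_block_bytes = max_block_bytes
        self.max_continuations = max_continuations
        self.buffer = bytearray()   # encoded header fragments received so far
        self.stream_id = None       # stream whose header block is open, if any
        self.continuations = 0
        self.completed = []         # (stream_id, header_block) pairs that did terminate

    def feed(self, ftype, flags, stream_id, payload):
        if ftype == FRAME_HEADERS:
            if self.stream_id is not None:
                raise ConnectionError("PROTOCOL_ERROR: HEADERS while a header block is open")
            self.stream_id, self.buffer, self.continuations = stream_id, bytearray(payload), 0
        elif ftype == FRAME_CONTINUATION:
            if self.stream_id != stream_id:
                raise ConnectionError("PROTOCOL_ERROR: CONTINUATION without open header block")
            self.continuations += 1
            self.buffer.extend(payload)
        else:
            if self.stream_id is not None:
                raise ConnectionError("PROTOCOL_ERROR: other frame in the middle of a header block")
            return
        # Hardening: bound what we are willing to hold before END_HEADERS arrives.
        if self.max_block_bytes is not None and len(self.buffer) > self.max_block_bytes:
            raise ConnectionError("ENHANCE_YOUR_CALM: header block exceeds %d bytes" % self.max_block_bytes)
        if self.max_continuations is not None and self.continuations > self.max_continuations:
            raise ConnectionError("ENHANCE_YOUR_CALM: more than %d CONTINUATION frames" % self.max_continuations)
        if flags & FLAG_END_HEADERS:
            self.completed.append((self.stream_id, bytes(self.buffer)))
            self.stream_id, self.buffer, self.continuations = None, bytearray(), 0


def run_stream(data, **limits):
    """Feed a frame stream to an assembler; report bytes still buffered, blocks completed, error."""
    asm = HeaderBlockAssembler(**limits)
    try:
        for frame in parse_frames(data):
            asm.feed(*frame)
    except ConnectionError as exc:
        return {"buffered": len(asm.buffer), "completed": len(asm.completed), "error": str(exc)}
    return {"buffered": len(asm.buffer), "completed": len(asm.completed), "error": None}


def build_sample_stream(continuations, fragment_size, terminate=False):
    """Constructed sample: HEADERS without END_HEADERS, then `continuations` CONTINUATION
    frames on the same stream; only with terminate=True does the last one set END_HEADERS."""
    filler = b"\x00" * fragment_size  # constructed filler standing in for HPACK-encoded fragments
    frames = [build_frame(FRAME_HEADERS, 0, 1, filler)]
    for i in range(continuations):
        flags = FLAG_END_HEADERS if terminate and i == continuations - 1 else 0
        frames.append(build_frame(FRAME_CONTINUATION, flags, 1, filler))
    return b"".join(frames)


# Constructed stream of 50 unterminated CONTINUATION frames of 1 KiB each.
SAMPLE_STREAM = build_sample_stream(continuations=50, fragment_size=1024)

if __name__ == "__main__":
    print("unbounded:", run_stream(SAMPLE_STREAM))
    print("bounded:  ", run_stream(SAMPLE_STREAM, max_block_bytes=16384, max_continuations=8))
    print("legit:    ", run_stream(build_sample_stream(2, 1024, terminate=True), max_block_bytes=16384))
```

The unbounded run ends with every byte of the stream still sitting in `buffer` and nothing completed, which is the memory-growth pattern the post describes; the bounded run raises after a fixed number of bytes or frames and keeps the buffer small. The key design point is that the limit is applied to the raw, undecoded fragment bytes on every frame, not only after END_HEADERS, because a server that waits for the terminating flag before checking anything has already done the attacker's work.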
The issue affects many popular implementations of the HTTP/2 protocol. The list of vulnerable technologies includes, among others:
If you manage a web infrastructure, there's a high probability that this problem affects you too.
Fortunately, software vendors have already responded. Updates and patches that fix this critical vulnerability are now available. The recommendation is simple and straightforward: update your server software immediately! Delaying could cost you service stability and a lot of stress.
It seems we're in for a busy period of patching and securing systems. Stay vigilant!
Source: BleepingComputer
Aleksander

Chief Technology Officer at SecurHub.pl
PhD candidate in neuroscience. Psychologist and IT expert specializing in cybersecurity.