Edward Kiledjian's Threat Intel

Internet-wide Vulnerability Enables Giant DDoS Attacks

A new DDoS vulnerability, “MadeYouReset,” has been discovered in the HTTP/2 protocol, allowing attackers to overwhelm servers by exploiting a flaw in stream management. This technique, similar to the previously addressed “Rapid Reset,” enables attackers to bypass the 100-stream limit by repeatedly canceling streams. While many vendors have patched the issue, some remain vulnerable, sparking debates about who is responsible for addressing the problem.