Security researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel have published details of a "common design flaw" in implementations of the HyperText Transfer Protocol 2 (HTTP/2) allowing those with ill intent to create "massive Denial of Service attacks".
Because HTTP/2 underpins the modern web and is so widely deployed, they had to coordinate disclosure with more than a hundred affected vendors.
"During recent research into HTTP/2, I found a DoS vulnerability I named MadeYouReset," Nahum explained in a blog post introducing the issue. "It lets an attacker create effectively unbounded concurrent work on servers while bypassing HTTP/2's built‑in concurrency limit.
It builds on the flaw behind 2023's 'Rapid Reset,' with a neat twist that slips past the us