Intrusion PreventionHTTP2.Continuation.Frame.Flood.DoS
Description
This indicates an attack attempt to exploit a DoS vulnerability in a HTTP2 Server.
The vulnerability is due to an error in the vulnerable application when handling maliciously crafted HTTP2 Continuation frames. Successful exploitation could potentially allow denial of service to be performed.
Affected Products
Node.js prior to 18.20
Node.js prior to 20.12
Node.js prior to 21.7.1
Envoy 1.29.x prior to 1.29.3
Envoy 1.28.x prior to 1.28.2
Envoy 1.27.x prior to 1.27.4
Envoy 1.26.x prior to 1.26.8
Tempesta prior to 0.7.1
AMPHP prior to 4.1.0-rc1
Go net/http prior to go1.21.9
Go net/http go1.22.0-0 prior to go1.22.2
Go golang.org/x/net/http2 prior to before v0.23.0
nghttp2 prior to 1.61.0
Apache HTTP Server prior to 2.4.58
Apache Traffic Server 8.0.0 prior to 8.1.9
Apache Traffic Server 9.0.0 prior to 9.2.3
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-05-01 | 27.778 | Sig Added |
| 2024-04-29 | 27.776 | Default_action:pass:drop |
| 2024-04-17 | 27.770 |
| ID | 55562 |
| Created | Apr 16, 2024 |
| Updated | May 01, 2024 |
| Risk |
|
| CVE ID | CVE-2024-2758 CVE-2023-45288 CVE-2024-27983 CVE-2024-24549 CVE-2024-2653 CVE-2024-30255 CVE-2024-31309 CVE-2024-28182 CVE-2024-27919 CVE-2024-27316 |
| Exploit Prediction Score | 0.04% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache, Other |