Your Servers Are Under Attack: New HTTP/2 “CONTINUATION Flood” Puts Web Apps At Risk!
Hold onto your hats, folks, because a nasty new HTTP/2 vulnerability has emerged, threatening to knock your web servers offline with a flood of malicious requests. This isn’t your average DDoS; it’s a protocol-level exploit that’s surprisingly effective and widespread.[1]
Researchers recently unveiled the “CONTINUATION Flood” attack, a severe denial-of-service vulnerability impacting numerous HTTP/2 implementations. This flaw exploits how servers handle HTTP/2 CONTINUATION frames, allowing an attacker to send a stream of specially crafted, unacknowledged frames that consume server resources and lead to a crash

