AIThe Register1 day ago

OpenAI's Codex agent uncovers HTTP/2 Bomb DoS exploit

3 min read

OpenAI's Codex agent helped uncover an HTTP/2 exploit called HTTP/2 Bomb that can crash web servers in seconds. The attack chains HPACK compression bomb and Slowloris-style hold techniques on default HTTP/2 setups of nginx, Apache, Microsoft IIS, Envoy, and Cloudflare Pingora. As of Thursday, Microsoft IIS and Cloudflare Pingora lack patches though Cloudflare says no patch is needed. Upwards of 880,000 websites using vulnerable servers may be affected.

Level

Hype check

Tap to vote and see what everyone thinks.

#openai #http2 #dos

Read full story

More to chew on!

Security3 days ago

'HTTP/2 Bomb' Exploit Knocks Web Servers Offline in Seconds

AI3 days ago

HTTP/2 Bomb Vulnerability Found in NGINX, Apache, IIS, Envoy, Cloudflare