impervablog | Kunal Anand | IMPERVABLOG:5CCEB643859A2AD0988C9CB6DA939741
History: Oct 10, 2023 - 12:24 p.m.

Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487

2023-10-10 12:24:39
Kunal Anand
www.imperva.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.527 Medium
Percentile: 97.2%

Today, Google disclosed a zero-day vulnerability in the HTTP/2 protocol. Imperva collaborated proactively with Google to gain advanced insights into this vulnerability.

After a comprehensive inspection of this vulnerability by Imperva’s Product Development and Threat Research teams, we can confirm that Imperva’s existing DDoS mitigation strategies effectively defend against this specific attack vector. Our Cloud DDoS and Cloud WAF customers remain secure. Our WAF Gateway customers will soon be notified of a patch to handle this vulnerability.

Going forward, Imperva’s Threat Research team will monitor this vulnerability to prevent potential exploitation. We are committed to releasing patches, updates, and further details as necessary.

Our quick and continued response to threats like HTTP/2 Rapid Reset demonstrates why Imperva is a trusted advisor to our customers. It is also a reminder of the critical value our combination of market-leading products and services provides and our unique impact on the success of our customers’ businesses.

As a member of the security community, Imperva values its collaborations with companies such as Google and Fastly. Our world is more secure when our industry collaborates to tackle complex security challenges.

