Mitigate Http/2 continuations with Imperva WAF

As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways.

We previously wrote about how Imperva protected its customers from the first HTTP/2 vulnerability, ‘Rapid Rest.’ “The HTTP/2 protocol allows clients to indicate that a previous stream should be canceled by sending a RST_STREAM frame. This feature is exploited in the HTTP/2 Rapid Reset attack, where the client opens a large number of streams at once and then cancels each request immediately. This allows each connection to have an indefinite number of requests in flight, creating an exploitable cost asymmetry between the server and the client.”

A new vulnerability has been identified.

As mentioned in a previous blog HTTP/2 CONTINUATION Flood Vulnerability, “Recently, a class of vulnerabilities in HTTP/2 implementations was published, dubbed HTTP/2 CONTINUATION Flood. This attack leverages the CONTINUATION frame that is being sent without setting the END_HEADERS, which in return creates an infinite stream of headers that HTTP/2 server would need to parse and store in memory. Attackers can exploit this feature to cause Denial-of-Service attacks by sending a large amount of CONTINUATION frames that will ultimately exhaust the server’s resources (CPU/memory) to the point that it might crash. The attack leverages the inherent functionality of the HTTP/2 protocol, making it particularly challenging to detect and mitigate without affecting normal traffic.”

Imperva WAF Does It Again

Imperva WAF is a critical component of a comprehensive Web Application and API Protection (WAAP) stack that secures from edge to database, so the traffic you receive is only the traffic you want. We provide the best website protection in the industry – PCI-compliant, automated security that integrates analytics to go beyond OWASP Top 10 coverage and reduces the risks created by third-party code.

Imperva WAF excels not only in its proactive defense against known threats but also in its real-time detection capabilities, which continuously alert our Threat Research teams to emerging threats. Our 24/7 Security Operations Center (SOC) and Threat Research diligently monitors not just your website, but the entirety of the internet, ensuring that any suspicious activity is swiftly identified and addressed. Moreover, our advanced algorithms enable us to detect and mitigate zero-day attacks before they even become public knowledge, providing unparalleled protection for our clients.

As you can see above, just like the HTTP/2 ‘Rapid Reset’ DDoS attack, Imperva WAF protects against the new CONTINUATION Flood attack. You will receive industry-leading analytics and the visibility into the attack you have come to expect from Imperva. With Imperva’s Threat Research team, Attack Analytics, and Cloud WAF, your business’s web presence will be protected from known and unknown threats.

Try Cloud WAF Today

If you are not a customer, trial Imperva Cloud WAF today!

Additional Resources:

If you’re a customer in need of support, please contact us through the Imperva Support Portal.

If you need protection from HTTP/2-based attacks, contact us.

The post Mitigate Http/2 continuations with Imperva WAF appeared first on Blog.