Stefan 'lerothas' D. :v_gay2: (@[email protected])

The open source programs nginx and Apache httpd are already patched; the closed source programs from, among others, MicroSlop are still vulnerable. But open source is far too insecure and only hobby projects anyway. Right? Only one client needed: HTTP/2 Bomb takes down web servers in seconds https://www.golem.de/news/nur-ein-client-noetig-http-2-bomb-legt-webserver-in-sekunden-lahm-2606-209396.html #nginx #apachehttpd #MicrosoftIIS #http2bomb #opensource

LGBTQIA+ and Tech

Codex Discovered a Hidden HTTP/2 Bomb

14 years ago, I helped break HTTP header compression, then was asked to review the fix, which became part of HTTP/2. Life has come full circle: today we're releasing an attack I missed.

💥 https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb

#http2 #break #http2Bomb #compression #web #http #nginx #Apache #httpd #Microsoft #IIS #Envoy #Cloudflare #Pingora #Apachehttpd #MicrosoftIIS #CloudflarePingora #webserver #server

Calif