// CloudflareHIGH
An HTTP/2 vulnerability dubbed 'HTTP/2 Bomb' affects Cloudflare and other server platforms including NGINX, Apache, IIS, and Envoy. The flaw exploits HPACK header compression and HTTP/2 flow control mechanisms, allowing a single client to consume up to 32GB of server memory in approximately 20 seconds, causing denial-of-service conditions and server outages.
- New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache(opens in a new tab)
- HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy(opens in a new tab)
- HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy,(opens in a new tab)
- 'HTTP/2 Bomb' Exploit Knocks Web Servers Offline in Seconds - Se(opens in a new tab)
- OpenAI Codex Uncovers HTTP/2 Bomb DoS Exploit Affecting nginx, A(opens in a new tab)
// Get alerts for Cloudflare