New attack exploits HTTP/2 stream cancellation flaw

Researchers discovered MadeYouReset, a new DDoS attack exploiting a design flaw in HTTP/2 stream cancellation. The vulnerability causes servers to process requests after streams are canceled, leading to unbounded concurrent requests on a single connection. Though not yet exploited in the wild, many major projects are affected, and patches are being released. The attack blends with normal traffic, making detection difficult, but mitigations exist to counter it.

Read more:

https://www.securityweek.com/madeyoureset-http2-vulnerability-enables-massive-ddos-attacks/