Fixed In: v1.3.1 (EthanMedia Edge)

Fixed as of 2023-10-16

https://www.cve.org/CVERecord?id=CVE-2023-44487

Disclaimer: For our customers' protection, EthanMedia doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the EthanMedia security releases page.

About

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

EthanMedia is aware of CVE-2023-44487, also known as the "HTTP/2 Rapid Reset Attack," which affects HTTP/2-capable web servers: rapid stream generation and cancellation can result in additional load, which could lead to a Denial of Service.

EthanMedia’s infrastructure is designed with various protections to address Layer 7 request floods; however, we have implemented additional mitigations to address this issue. EthanMedia also recommends that customers who operate their own HTTP/2-capable web servers check with their web server vendor to determine whether they are affected and, if so, install the latest patches from their respective vendors to address this issue.
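For operators reviewing their own HTTP/2 servers, the sketch below flags connections whose streams are opened and cancelled almost immediately at a high rate, which is the pattern described above. It is an added example, not EthanMedia code; the log format, function names, and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque

# Constructed log of client-sent frames: "<epoch_seconds> <conn_id> <frame_type> <stream_id>".
# This format is an assumption; adapt the parsing to your server's HTTP/2 frame logging.
def build_sample():
    lines = []
    for i in range(200):   # connection A: every stream is reset 1 ms after it opens
        sid, t = 2 * i + 1, 100.0 + i * 0.002
        lines += [f"{t:.4f} A HEADERS {sid}", f"{t + 0.001:.4f} A RST_STREAM {sid}"]
    for i in range(20):    # connection B: normal traffic with an occasional late cancel
        sid, t = 2 * i + 1, 100.0 + i * 0.5
        lines.append(f"{t:.4f} B HEADERS {sid}")
        if i % 10 == 0:
            lines.append(f"{t + 0.4:.4f} B RST_STREAM {sid}")
    return sorted(lines, key=lambda l: float(l.split()[0]))

def flag_rapid_reset(lines, max_lifetime=0.05, window=1.0, threshold=100):
    """Return {conn_id: peak count} of streams cancelled within max_lifetime
    seconds of opening, counted over a sliding window of `window` seconds."""
    opened = defaultdict(dict)    # conn -> {stream_id: time HEADERS was seen}
    recent = defaultdict(deque)   # conn -> timestamps of short-lived cancels
    flagged = {}
    for line in lines:
        ts, conn, ftype, sid = line.split()
        ts = float(ts)
        if ftype == "HEADERS":
            opened[conn].setdefault(sid, ts)
        elif ftype == "RST_STREAM":
            start = opened[conn].pop(sid, None)
            if start is None or ts - start > max_lifetime:
                continue          # unknown stream, or cancelled after a normal lifetime
            q = recent[conn]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()       # drop cancels that fell out of the window
            if len(q) >= threshold:
                flagged[conn] = max(flagged.get(conn, 0), len(q))
    return flagged

if __name__ == "__main__":
    print(flag_rapid_reset(build_sample()))
```

Tune `max_lifetime`, `window`, and `threshold` against your own baseline traffic, since legitimate clients also cancel requests.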

For any questions or concerns, please email [email protected]