HTTP/2 Rapid Reset - Zero-Day Vulnerability

HTTP/2 Zero-Day Vulnerabilit

So far I can see we use for keepalive_requests 10 000 instead of 1000

1 Like

For all that want to change keepalive_requests from 10000 to 1000 to mitigate the vulnerability:

sed -i -E 's/(.*keepalive_requests\s{1,})10000;/\11000;/' /etc/nginx/nginx.conf /usr/local/hestia/nginx/conf/nginx.conf
systemctl restart nginx
systemctl restart hestia

Here is a gist that centralizes the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability.

1 Like

Thanks for not having to create the sed :slight_smile: