A client might overload the server by issue frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDOS attack.
Impact
This is a DDOS attack, any http2 server is affected and so you should update as soon as possible.
Patches
This is patched in version 4.1.100.Final.
Workarounds
A user can limit the amount of RST frames that are accepted per connection over a timeframe manually using either an own Http2FrameListener implementation or an ChannelInboundHandler implementation (depending which http2 API is used).
References
A client might overload the server by issue frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDOS attack.
Impact
This is a DDOS attack, any http2 server is affected and so you should update as soon as possible.
Patches
This is patched in version 4.1.100.Final.
Workarounds
A user can limit the amount of RST frames that are accepted per connection over a timeframe manually using either an own
Http2FrameListenerimplementation or anChannelInboundHandlerimplementation (depending which http2 API is used).References