Closed
Description
Hi. Brought this up on IRC, but I think there should be some public record of it as well.
How well does Varnish handle the Rapid Reset attack?
Consensus seems to be that some new rate limiting should be added to Varnish.
Links:
- https://ubuntu.com/security/CVE-2023-44487
- https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
Related fixes:
Metadata
Metadata
Assignees
Labels
No labels