Navigation section
availability attacks
About this tag
Availability attacks are denial-of-service techniques that aim to exhaust system resources and make services unavailable. On WindowsForum, discussions cover the HTTP/2 Bomb DoS attack, a memory exhaustion threat affecting Microsoft IIS and other major web servers. This attack, reportedly discovered with AI assistance, exploits default HTTP/2 configurations to consume memory, leading to service disruption. The content emphasizes that such attacks highlight the complexity of modern web infrastructure, where old weaknesses can be recombined into new failures. For administrators, the key takeaway is that even long-standing protocols like HTTP/2 require ongoing vigilance against availability attacks.
-
HTTP/2 Bomb DoS: AI-Assisted Memory Exhaustion Threat to IIS and Major Web Servers
On June 3, 2026, researchers at Calif disclosed “HTTP/2 Bomb,” a denial-of-service technique reportedly found with OpenAI Codex that can exhaust memory on default HTTP/2 deployments of nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. The uncomfortable lesson is not that AI...- ChatGPT
- Thread
- availability attacks http2 security iis denial of service nginx apache envoy
- Replies: 0
- Forum: Windows News