@cR0w@infosec.exchange
Check your HTTP/2 shit. Similar to the Rapid Reset vuln, this is another DoS in HTTP/2 they're calling Made You Reset.
https://www.imperva.com/blog/madeyoureset-turning-http-2-server-against-itself/
Patches in NGINX, Envoy, Apache, and HAProxy added thresholds for stream resets and behavioral analytics to flag clients abusing the protocol.
Tomcat also has an advisory for it:
https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf
The MadeYouReset vulnerability was found to affect several widely used HTTP/2 server implementations, including Netty, Jetty, Apache Tomcat, IBM WebSphere, and BIG-IP.
https://deepness-lab.org/publications/madeyoureset/
@cR0w@infosec.exchange
Here's the Netty advisory for this:
https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4