The AutoRABIT Response to the Rapid Reset Vulnerability
In October 2023, a denial-of-service (DoS) vulnerability in the HTTP/2 protocol was discovered. The vulnerability (CVE-2023-44487), known as Rapid Reset, was exploited in the wild from August 2023 through October 2023.
You can find more details on the Rapid Reset vulnerability here.
Has AutoRABIT Been Impacted?
Our service provider (AWS) has implemented precautionary measures to mitigate this vulnerability. Additionally, we have completed a full audit of all our infrastructure to ensure further measures to mitigate any potential impacts are in place.
Actions Taken as part of our Defense Strategy
Audit of infrastructure environment to confirm the following is in place:
- Layer 7 traffic blocked
- Layer 7 DDoS protection with SSL decryption
- Confirm that all OS and patches are up to date (outside of regular maintenance cadence)
- Review/specific mitigation of any existing HTTP/2 and HTTP/3 servers
- AutoRABIT has existing DDoS protection in place
As a precaution, we advise all our clients to review their controls regarding this vulnerability in their own environments as well.