Addressing the HTTP/2 Rapid Reset Attack Vulnerability

PUBLISHED ON October 10, 2023
LAST UPDATED December 21, 2023

A recent disclosure pinpointed a vulnerability in the HTTP/2 protocol (CVE-2023-44487) which, under certain conditions, can be used to mount a denial-of-service attack against platforms implementing the server-side portion of the HTTP/2 specification. The vulnerability arises from the misuse of HTTP/2's ability to open many concurrent data streams on a single connection.
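The paragraph above describes the weakness only at a high level. From a defender's side, the practical question is how to spot a client that opens streams and immediately cancels them far faster than any legitimate browser would. The following added example (not code from ThreatX or from the original post) shows a minimal detection routine over per-frame HTTP/2 log events. The log format, connection identifiers, sample data, and the threshold of 100 client resets within a one-second window are all constructed assumptions for illustration; real deployments would tune the window and threshold to their own traffic.

```python
"""Flag connections showing a Rapid Reset pattern in HTTP/2 frame logs.

Added example for illustration; the log format and thresholds are assumptions.
Each log line is assumed to look like (constructed format):
    <timestamp_seconds> <connection_id> <frame_type> <stream_id>
where frame_type is a client-originated HEADERS (stream opened) or
RST_STREAM (stream cancelled).
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class FrameEvent:
    ts: float        # seconds since epoch
    conn: str        # connection identifier
    frame: str       # "HEADERS" or "RST_STREAM"
    stream_id: int   # client-initiated streams use odd IDs


def parse_line(line: str) -> FrameEvent:
    """Parse one constructed-format log line into a FrameEvent."""
    ts, conn, frame, sid = line.split()
    return FrameEvent(float(ts), conn, frame, int(sid))


def detect_rapid_reset(lines, window: float = 1.0, max_resets: int = 100):
    """Return {conn: (peak_resets_in_window, streams_opened, streams_reset)}
    for every connection whose client RST_STREAM count within any `window`-
    second span exceeds `max_resets`.

    A sliding window per connection keeps only the reset timestamps that fall
    inside the last `window` seconds, so memory stays bounded by the threshold
    rather than by the total number of frames seen.
    """
    recent = defaultdict(deque)   # conn -> RST_STREAM timestamps in window
    opened = defaultdict(int)     # conn -> HEADERS frames seen
    reset = defaultdict(int)      # conn -> RST_STREAM frames seen
    peak = defaultdict(int)       # conn -> largest in-window reset count

    for line in lines:
        ev = parse_line(line)
        if ev.frame == "HEADERS":
            opened[ev.conn] += 1
        elif ev.frame == "RST_STREAM":
            reset[ev.conn] += 1
            q = recent[ev.conn]
            q.append(ev.ts)
            # Drop resets that have aged out of the window.
            while q and ev.ts - q[0] > window:
                q.popleft()
            peak[ev.conn] = max(peak[ev.conn], len(q))

    return {
        c: (peak[c], opened[c], reset[c])
        for c in peak
        if peak[c] > max_resets
    }


def constructed_sample():
    """Build a small constructed log: one normal client and one flooding client."""
    lines = []
    # Benign connection: five requests over five seconds, one of them cancelled.
    for i in range(5):
        lines.append(f"{1000 + i:.3f} c-benign HEADERS {2 * i + 1}")
    lines.append("1002.500 c-benign RST_STREAM 5")
    # Flooding connection: 150 open/cancel pairs inside half a second.
    for i in range(150):
        t = 1000 + i * 0.003
        lines.append(f"{t:.3f} c-flood HEADERS {2 * i + 1}")
        lines.append(f"{t + 0.001:.3f} c-flood RST_STREAM {2 * i + 1}")
    return lines


if __name__ == "__main__":
    for conn, (peak_resets, n_open, n_reset) in detect_rapid_reset(constructed_sample()).items():
        print(f"{conn}: peak {peak_resets} resets/window, opened {n_open}, reset {n_reset}")
```

The routine only counts; the mitigation decision (closing the connection, returning GOAWAY, or rate-limiting the client) belongs to the server or proxy in front of it. Counting resets per connection rather than per client IP matters because the attack needs only a handful of connections to be effective, so per-IP request rates can look unremarkable.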

Upon learning about this vulnerability, our team at ThreatX conducted a comprehensive examination and confirmed that ThreatX customers are not susceptible to this particular attack. For additional information or further clarification, our Security Operations Center is available at support@threatx.com.

Read more about the vulnerability: https://www.cve.org/CVERecord?id=CVE-2023-44487.

About the Author

Neil Weitzel

Neil is the Manager of the ThreatX Security Operations Center and is located in Boston, MA. He has 15 years of experience working in various roles, from user support to leading security programs. Neil has profound experience in security architecture and cybersecurity best practices, which helps him provide valuable insight to security teams. Before ThreatX, Neil worked with organizations such as Cognizant as an Application Security Architect, Cigital (now Synopsys) as their Practice Director of Vulnerability Assessments, and EIQ Networks (now Cygilant) as their Director of Security Research. Neil also served as a Cybersecurity Instructor and delivered numerous Security and Defensive Programming courses to various clients such as NASA and PayPal. He is an active member of the security community and has delivered lectures at DEF CON, OWASP and local security meetups. Neil also acts as an adjunct lecturer on Software Engineering at his alma mater, Indiana University.