Google mitigated the largest DDoS attack to date, peaking above 398 million requests per second (rps). The attack used a novel technique called HTTP/2 Rapid Reset based on stream multiplexing. Google coordinated with industry partners to understand the attack mechanics and collaborated on mitigations. The attack vulnerability has been designated as CVE-2023-44487 with a CVSS score of 7.5. Any enterprise or individual serving an HTTP-based workload may be at risk and should apply relevant patches or verify server vulnerability.
Table of contents
Industry coordination and response for CVE-2023-44487Who is susceptible and what to do about itNext stepsSort: