Description
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
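A detection-side sketch of the window-size half of this behaviour, added here as an example and not taken from the original page or any vendor tool: it parses the client-to-server HTTP/2 frames of one connection and reports streams that repeatedly open tiny flow-control windows. The thresholds `TINY` and `MIN_UPDATES`, the function names and the two sample captures are assumptions constructed for illustration; stream priority is not examined.

```python
import struct
from collections import Counter

WINDOW_UPDATE, SETTINGS, ACK = 0x8, 0x4, 0x1   # RFC 9113 frame types and ACK flag
INITIAL_WINDOW_SIZE = 0x4                      # SETTINGS_INITIAL_WINDOW_SIZE
TINY = 16          # assumed threshold: windows this small (bytes) count as tiny
MIN_UPDATES = 8    # assumed threshold: tiny updates per stream before flagging

def frames(buf):
    """Yield (type, flags, stream_id, payload) from client-to-server bytes."""
    off = 0
    while off + 9 <= len(buf):
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        sid = int.from_bytes(buf[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = buf[off + 9:off + 9 + length]
        if len(payload) < length:
            break                      # truncated capture: stop cleanly
        yield ftype, flags, sid, payload
        off += 9 + length

def assess(buf):
    """Summarise window-size behaviour seen on one connection."""
    tiny, small_initial = Counter(), None
    for ftype, flags, sid, payload in frames(buf):
        if ftype == WINDOW_UPDATE and len(payload) == 4:
            if int.from_bytes(payload, "big") & 0x7FFFFFFF <= TINY:
                tiny[sid] += 1
        elif ftype == SETTINGS and not flags & ACK:
            for i in range(0, len(payload) - 5, 6):
                ident, value = struct.unpack_from(">HI", payload, i)
                if ident == INITIAL_WINDOW_SIZE and value <= TINY:
                    small_initial = value
    streams = sorted(s for s, n in tiny.items() if n >= MIN_UPDATES)
    return {"small_initial_window": small_initial,
            "dribbling_streams": streams,
            "suspicious": len(streams) >= 2}

def _frame(ftype, flags, sid, payload):
    """Build one frame for the constructed samples below."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + sid.to_bytes(4, "big") + payload)

# Constructed captures (not real traffic): one dribbling client, one ordinary.
DRIBBLE = _frame(SETTINGS, 0, 0, struct.pack(">HI", INITIAL_WINDOW_SIZE, 1)) + b"".join(
    _frame(WINDOW_UPDATE, 0, sid, (1).to_bytes(4, "big")) for _ in range(10) for sid in (1, 3))
NORMAL = _frame(SETTINGS, 0, 0, struct.pack(">HI", INITIAL_WINDOW_SIZE, 65535)) + b"".join(
    _frame(WINDOW_UPDATE, 0, 1, (32768).to_bytes(4, "big")) for _ in range(10))
```

`assess()` expects the bytes that follow the client connection preface; in practice the same counters would be kept per connection inside a proxy or packet-analysis pipeline and tuned against normal client behaviour.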
Remediation
References