topic HTTP/2 CONTINUATION Flood - Apache Servers are vulnerable in General Topics

HTTP/2 CONTINUATION Flood - Apache Servers are vulnerable

Blason_R — Tue, 09 Apr 2024 12:28:09 GMT

Hi team,

The "CONTINUATION Flood" vulnerability has been recently disclosed on a webserver that supports HTTP/2.0. After conducting a swift verification, it appears that all the Apache server versions used by Check Point are affected by this vulnerability. However, upon verifying the multiportals on R81.10 at least, it was found that it does not support HTTP/2.0, ensuring our safety in this regard.

Since I do not have R81.20 can any one confirm? Or someone from CheckPoint staff can confirm?

This is from R81.10

/web/cpshared/web/Apache/2.2.0/bin/httpd2 -v
Server version: CPWS/2.4.55 (Unix)
Server built: Apr 4 2023 13:08:25

https://nowotarski.info/http2-continuation-flood/

https://www.bleepingcomputer.com/news/security/new-http-2-dos-attack-can-crash-web-servers-with-a-single-connection/

Re: HTTP/2 CONTINUATION Flood - Apache Servers are vulnerable

G_W_Albrecht — Tue, 09 Apr 2024 12:32:53 GMT

# ver
Product version Check Point Gaia R81.20
OS build 627
OS kernel version 3.10.0-1160.15.2cpx86_64
OS edition 64-bit

[Expert]# /web/cpshared/web/Apache/2.2.0/bin/httpd2 -v
Server version: CPWS/2.4.55 (Unix)
Server built: Mar 5 2024 22:51:39

Re: HTTP/2 CONTINUATION Flood - Apache Servers are vulnerable

Blason_R — Tue, 09 Apr 2024 12:34:38 GMT

Ok so R81.20 is from the affected versions as well.

Does it support Http/2.0? This can be found from Chrome -> Developer Tools

Re: HTTP/2 CONTINUATION Flood - Apache Servers are vulnerable

G_W_Albrecht — Tue, 09 Apr 2024 12:39:01 GMT

https://support.checkpoint.com/results/sk/sk180257

Re: HTTP/2 CONTINUATION Flood - Apache Servers are vulnerable

Blason_R — Tue, 09 Apr 2024 12:59:13 GMT

That is great so we are safe here.