#HTTP/2
4 stories taggedHTTP/2.

Citrix Patches Six NetScaler Flaws, Including HTTP/2 Bomb DoS and a CitrixBleed Echo
Citrix is pushing customers to patch NetScaler after disclosing six vulnerabilities — among them a denial-of-service vector exploiting HTTP/2 frame handling and a high-severity information disclosure bug drawing uncomfortable comparisons to last year's CitrixBleed.

HTTP/2 Bomb: A Decade-Old Compression Trick Finally Gets a CVE
A chained HPACK attack lets small packets force runaway memory allocation on nginx, Apache, IIS, Envoy, and Cloudflare's Pingora. Patches are partial. Exposure is wide.

HTTP/2 Default Configs Leave Web Servers Open to Compression-Bomb, Slowloris Combo Attack
A chained exploit targeting HTTP/2's default settings can take servers offline in seconds — no patch issued yet for the underlying configuration exposure.

HTTP/2 Bomb: Default Configs in NGINX, Apache, IIS, Envoy and Pingora Open Door to Remote DoS
A chained protocol abuse discovered by OpenAI Codex and disclosed by Calif knocks over five of the most widely deployed web servers in their out-of-the-box state.