Particle.news

HTTP/2 MadeYouReset Flaw Exposes Servers to DoS Attacks

CERT/CC has issued guidance calling for immediate patching ahead of pending vendor updates to address the stealthy HTTP/2 DoS flaw.

Overview

  • CERT/CC published Vulnerability Note VU#767506 on August 13 detailing CVE-2025-8671, which was reported by Tel Aviv University researchers and Imperva.
  • MadeYouReset leverages a mismatch between HTTP/2 stream reset semantics and backend processing to trigger unbounded concurrent work on a single connection.
  • Apache Tomcat, F5, Fastly and Varnish have rolled out patches while dozens of other affected vendors are still investigating and preparing fixes.
  • There are no confirmed in-the-wild exploits yet, but experts warn the flaw bypasses Rapid Reset mitigations and can blend with normal traffic.
  • Operators are urged to apply vendor patches, enforce stricter protocol validation and implement connection-level rate controls as interim defenses.
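
The accounting mismatch and the connection-level rate control described above, as an added defensive example (not code from CERT/CC, the researchers or any vendor). `ConnectionGuard`, `replay`, the event names and all thresholds are hypothetical, and the trace is constructed.

```python
from collections import deque

class ConnectionGuard:
    """Per-connection limits (hypothetical helper; thresholds are assumptions)."""

    def __init__(self, max_inflight=100, max_resets=20, window_ms=10_000):
        self.max_inflight, self.max_resets, self.window_ms = max_inflight, max_resets, window_ms
        self.inflight = set()   # streams whose backend work has not finished yet
        self.resets = deque()   # timestamps (ms) of recent stream resets

    def on_request(self, stream_id):
        # Budget is backend work in flight, not streams the protocol considers open.
        if len(self.inflight) >= self.max_inflight:
            return "refuse"
        self.inflight.add(stream_id)
        return "accept"

    def on_reset(self, now_ms):
        # A reset closes the stream but does NOT release the in-flight slot.
        self.resets.append(now_ms)
        while now_ms - self.resets[0] > self.window_ms:
            self.resets.popleft()
        return "close" if len(self.resets) > self.max_resets else "ok"

    def on_backend_done(self, stream_id):
        self.inflight.discard(stream_id)

def replay(events, guard=None):
    """Replay (ms, kind, stream_id) events; return (peak backend work, close time)."""
    backend, peak = set(), 0
    for now_ms, kind, sid in events:
        if kind == "request":
            if guard and guard.on_request(sid) == "refuse":
                continue
            backend.add(sid)
        elif kind == "reset":
            # Stream-level view: the slot is free again. Backend keeps working.
            if guard and guard.on_reset(now_ms) == "close":
                return peak, now_ms
        elif kind == "backend_done":
            backend.discard(sid)
            if guard:
                guard.on_backend_done(sid)
        peak = max(peak, len(backend))
    return peak, None

# Constructed trace: 500 streams on one connection, each reset right after its
# request, with no backend completion inside the trace.
TRACE = [(i * 10 + d, kind, 2 * i + 1)
         for i in range(500) for d, kind in ((0, "request"), (1, "reset"))]
```

Replaying `TRACE` without a guard shows backend work growing with every reset stream; with the guard, either the reset-rate limit closes the connection or the in-flight budget caps the work.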