The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.
Computer Weekly

Apache web server users urged to patch immediately

Users of the open source Apache HTTP Server who have updated to recently released version 2.4.49 are being urged to update to 2.4.50 immediately to apply fixes for a newly disclosed zero-day that is ...

OpenAI Codex helps identify HTTP/2 vulnerability affecting major web servers

The DoS attack can strike down a web server in just a few seconds ...
Bleeping Computer

Apache emergency update fixes incomplete patch for exploited bug

Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability. Apache HTTP Server ...
SecurityWeek

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

The HTTP/2 Bomb exploit chains two known denial-of-service (DoS) attack techniques to knock major web servers offline.
Hosted on MSN

The First Thing I Set Up on a New Computer Is a Web Server, Here’s Why

Most computers come with their own web server and, if they don’t, it’s easy to install one. Setting it up can take a bit of work, but it’s well worth it in my opinion. In fact, I don’t consider my ...