Event JSON
{
"id": "2b7d1dbb3b96cd5e0bdb9a12c214deb07f058dd0d526fe25bc8a5256c9dc925b",
"pubkey": "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245",
"created_at": 1780480048,
"kind": 9802,
"tags": [
[
"r",
"https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb",
"source"
],
[
"client",
"Damus"
]
],
"content": "We’re publishing HTTP/2 Bomb, a remote denial-of-service exploit against most major web servers, including:\n\nnginx\nApache httpd\nMicrosoft IIS\nEnvoy\nCloudflare Pingora\nThe vulnerable behavior exists in each server's default HTTP/2 configuration.\n\nThe attack was discovered by Codex, which chained two techniques known to humans for a decade: a compression bomb and a Slowloris-style hold.",
"sig": "e283e6b28398c599b6ee79f959c0077ab1e2821a5c422e9718b468da51c666a23819007a49f3de59c4f14e8f2ebed7dc0c1656a744a81b4b5f2fa7f9c5643581"
}