In an analysis of five separate manufacturers' web servers running on the new HTTP/2 protocol, cybersecurity firm Imperva found that all five were vulnerable to at least one of four high-profile denial-of-service vulnerabilities. The company announced its findings at Black Hat, where SCMagazine.com caught up with Imperva's director of security research Itsik Mantin.
According to Mantin, it's not uncommon for technology manufacturers to experience some bumps in the road while adopting brand new protocols, but such unfortunate developments must not deter their progress.
Imperva's researchers studied server implementations from Apache, Microsoft, NGINX, Jetty and nghttp2. For more details, watch the video.