2017 International Conference on Intelligent Computing and Control (I2C2) 2017
DOI: 10.1109/i2c2.2017.8321787

Man-in-the-middle attack in HTTP/2

Cited by 13 publications
(3 citation statements)
references
References 6 publications
“…1. Ensure input matches its specification (CWE-20) usage, poses a risk of a man-in-the-middle attack (Patni et al 2017). To mitigate this, a system-level security requirement is necessary, which specifies the use of a secure application layer protocol (Rescorla & Schiffman 1999).…”
Section: Security Requirements
Citation type: mentioning
confidence: 99%
“…It should be noted here that previous work on web attacks [15,16,17,18,19,20,21] has shown that server implementations are exposed to issues such as URL parsing, which may lead to server-side request forgery (SSRF) or path traversal attacks, and cache poisoning, which can enable an opponent to steal information or mount a remote code execution (RCE) attack. Additionally, works such as [22,23], illustrated different empirical attacks based on TLS vulnerabilities that could lead to MitM attacks. While the aforementioned assaults concern server-side attacks over the HTTP, they are irrelevant of the HTTP protocol version used and they are considered to be out-of-scope of this paper; thus, such attacks are omitted from the analysis that follows.…”
Section: Categories Of Attacks Against HTTP/2
Citation type: mentioning
confidence: 99%
“…The study in [25] from 2019 presented a next-generation application DDoS called Multiplexed Asymmetric DDoS Attack, which causes the victim’s processor to overload by exploiting HTTP/2 multiplexing. HTTP/2 can also be exploited for a man-in-the-middle attack via DNS cache poisoning and a spoofed TLS (Transport Layer Security) certificate, as published in [26].…”
Section: Introduction
Citation type: mentioning
confidence: 99%