On Tuesday, August 13th at 10 AM Pacific Time (1700UTC), Netflix publicly disclosed a series of vulnerabilities found by Jonathan Looney that impact many implementations of the HTTP2 protocol. A vulnerability found by Piotr Sikora of Google was also released at the same time. Akamai is grateful to the reporters for their work and pre-release coordination. \r\n All of the HTTP2 vulnerabilities referenced above are resource exhaustion vulnerabilities, which would impact the availability of the attacked systems and services, thus not compromising the confidentiality or integrity of the data contained within. Vectors like these have been seen in the past when exploited on other protocols, like HTTP2's predecessor HTTP with the Slowloris and Zero Window connection stressing . \r\n Rather than us going into detail on each of the vulnerabilities, please see the write up provided by Netflix .…