https://cybercrime.club/tags/iis/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usWed, 03 Jun 2026 23:09:53 -0400https://cybercrime.club/posts/http2-bomb-hpack-flow-control-dos-nginx-apache-iis-envoy-cloudflare/Wed, 03 Jun 2026 23:09:53 -0400https://cybercrime.club/posts/http2-bomb-hpack-flow-control-dos-nginx-apache-iis-envoy-cloudflare/A new HPACK-plus-flow-control DoS lets a home broadband connection hold 32GB of server memory in ~20 seconds. Affects the default HTTP/2 config of every major web server and proxy. NGINX and Apache have fixes; IIS, Envoy and Cloudflare Pingora do not yet.vulnerabilities