Published on August 15, 2019

This Tuesday, Jonathan Looney, a researcher at Netflix, disclosed seven different ways to break common HTTP/2 protocol implementations, while an eighth issue was disclosed by Piotr Sikora of Google. These issues could be used to exhaust the resources of affected HTTP/2 implementations.

Shortly after the HTTP/2 issues were disclosed, a Rumble user reached out asking if we could help identify HTTP/2 endpoints on their network. We are happy to announce that as of version 0.8.14, the Rumble Agent and Rumble Scanner now probe for HTTP/2 automatically, recording the protocol and the HTTP/2 specific responses (status, headers, body). For users of the Rumble Network Discovery web console, HTTP/2 enabled nodes can be identified by using Inventory search term protocol:http2. Users of the command-line Rumble Scanner can view the assets.html report and search for nodes with the http2 protocol flagged.

HTTP/2 Inventory Search

As an alternative to Rumble, the Nmap Security Scanner can also identify HTTP/2 implementations via the tls-nextprotoneg NSE. The CVEs for the eight HTTP/2 issues are CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, and CVE-2019-9518. The CERT/CC Wiki provides a matrix of affected vendors, including both software packages and service providers.

As always, if you have questions, feedback, or suggestions please reach out!

Similar Content

Authenticated SNMP v3 Support
Published on November 19, 2019
After announcing v1.1.5 with the new Switch Topology report, quite a few folks wrote in to ask if this feature was available in SNMPv3 environments. As of this evening, the answer is yes. To leverage SNMP v3 credentials in a Rumble scan, set the following options in the Advanced Options section of the Scan Configuration screen. Depending on your environment, these settings may require some tweaking. The standard security levels of NoAuthNoPriv, AuthNoPriv, and AuthPriv map to these options as follows:
Hunting for Network Bridges with Rumble
Published on August 5, 2019
Thanks to the wonderful user feedback from Beta 5, a handful of bug fixes and improvements have been deployed along with a new feature: Network Bridge Detection! The bridge report shows external networks in red, internal networks in green, and multihomed assets that bridge these networks in orange. Zooming in will show asset and subnet details, while clicking a node will take you to the asset page for bridge nodes and to a CIDR-based inventory search for network nodes.
Rumble Network Discovery Beta 5
Published on July 30, 2019
Rumble Two Ways with Beta 5 The last few months have been incredible thanks to our wonderful beta community and their vocal feedback. Quite a few folks asked for a version of Rumble they could use independent of the cloud and Beta 5 delivers it. The Rumble Scanner has undergone a makeover and now handles fingerprinting, asset correlation, and rudimentary reporting, making it far more adaptable for restrictive environments and security consulting.