Published on August 15, 2019

This Tuesday, Jonathan Looney, a researcher at Netflix, disclosed seven different ways to break common HTTP/2 protocol implementations, while an eighth issue was disclosed by Piotr Sikora of Google. These issues could be used to exhaust the resources of affected HTTP/2 implementations.

Shortly after the HTTP/2 issues were disclosed, a Rumble user reached out asking if we could help identify HTTP/2 endpoints on their network. We are happy to announce that as of version 0.8.14, the Rumble Agent and Rumble Scanner now probe for HTTP/2 automatically, recording the protocol and the HTTP/2 specific responses (status, headers, body). For users of the Rumble Network Discovery web console, HTTP/2 enabled nodes can be identified by using Inventory search term protocol:http2. Users of the command-line Rumble Scanner can view the assets.html report and search for nodes with the http2 protocol flagged.

HTTP/2 Inventory Search

As an alternative to Rumble, the Nmap Security Scanner can also identify HTTP/2 implementations via the tls-nextprotoneg NSE. The CVEs for the eight HTTP/2 issues are CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, and CVE-2019-9518. The CERT/CC Wiki provides a matrix of affected vendors, including both software packages and service providers.

As always, if you have questions, feedback, or suggestions please reach out!

Similar Content

Rumble Scanner Updates & Data Transparency
Published on January 28, 2020
Data transparancy is one of the key drivers of Rumble development. We do our best to ensure that any data gathered, transmitted, or downloaded is easy to view, import, export, and reprocess. Data generated by the Rumble Agent can be downloaded and reprocessed by the Rumble Scanner. Raw data from the Rumble Scanner can be imported into the Rumble Console. This data is consistently formatted and almost always backwards compatible between versions.
Authenticated SNMP v3 Support
Published on November 19, 2019
After announcing v1.1.5 with the new Switch Topology report, quite a few folks wrote in to ask if this feature was available in SNMPv3 environments. As of this evening, the answer is yes. To leverage SNMP v3 credentials in a Rumble scan, set the following options in the Advanced Options section of the Scan Configuration screen. Depending on your environment, these settings may require some tweaking. The standard security levels of NoAuthNoPriv, AuthNoPriv, and AuthPriv map to these options as follows:
Hunting for Network Bridges with Rumble
Published on August 5, 2019
Thanks to the wonderful user feedback from Beta 5, a handful of bug fixes and improvements have been deployed along with a new feature: Network Bridge Detection! The bridge report shows external networks in red, internal networks in green, and multihomed assets that bridge these networks in orange. Zooming in will show asset and subnet details, while clicking a node will take you to the asset page for bridge nodes and to a CIDR-based inventory search for network nodes.