SECURITY REPORT: ZERO-DAY PATCH
1. VULNERABILITY DETECTION AND PROCESS
The Nywhash Security Team detected a zero-day vulnerability originating from our HTTP/2 protocol processing library on our Edge WAF (Web Application Firewall) layer on October 12, 2023. This vulnerability contained a logic error that could cause attackers to excessively consume server resources (DoS).
2. IMPACT ANALYSIS
In log reviews conducted, it was verified that this vulnerability was not used to access any customer data or for data leakage. The potential impact of the vulnerability remained limited only to service disruption.
3. PATCH IMPLEMENTATION
Within 45 minutes of detecting the vulnerability, a virtual patch was distributed to all Edge Nodes. As of October 14, 2023, the permanent software patch was integrated into the entire infrastructure.
4. ADDITIONAL MEASURES TAKEN
As per our transparency policy, we review all our defense layers again after such critical patches. Nywhash believes that security is not a static state, but a continuous process.