HTTP/2 Cleartext Upgrade Support Detected

Web App Scanning Plugin ID 114219 (Severity: Info)

Synopsis

HTTP/2 Cleartext Upgrade Support Detected

Description

The HTTP/2 protocol is usually negotiated over the TLS Application-Layer Protocol Negotiation extension (TLS-ALPN). A persistent HTTP/2 connection can also be established from an HTTP/1.1 request by sending the `Upgrade` header with the value `h2c`, which requests an HTTP/2 connection in cleartext. The scanner detected that the target accepts this h2c connection upgrade. If the target application is deployed behind a reverse proxy, attackers could potentially abuse this feature to bypass the reverse proxy's access controls or authentication enforcement, since requests carried over the upgraded connection may not be subject to the same inspection as ordinary HTTP/1.1 requests.

See Also

https://http2.github.io/faq/

https://httpd.apache.org/docs/trunk/howto/http2.html

Plugin Details

Severity: Info

ID: 114219

Type: remote

Published: 2/27/2024

Updated: 2/27/2024

Scan Template: api, basic, full, pci, scan