The exploit that was publicly announced by Cloudflare, Amazon Web Services (AWS) and Google is called HTTP/2 Rapid Reset. How The HTTP/2 Rapid Reset Vulnerability WorksThe HTTP/2 network protocol has a server setting that allows a set number of requests at any given time. How Bad Is HTTP/2 Rapid Reset? The HTTP/2 Rapid Reset exploit is extraordinarily bad because servers currently have no defense against it. Cloudflare noted that it had blocked a DDOS attack that was 300% larger than the largest ever DDOS attack in history.