HTTP/2 Bomb: DoS Vulnerability in NGINX, Apache, and IIS Threatens Production Servers5. June 2026CybersecurityThe HTTP/2 Bomb combines metadata amplification with Slowloris tactics to enable massive DoS attacks without threshold limitations, as the protocol specification insufficiently controls memory. Share on: