Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks carried out through malicious HTTP/2 requests. Attackers can trigger a DoS condition by sending specially crafted HTTP/2 requests, due to which the CPU usage will temporarily spike to 100%.
Denial of service.
Define limits on the number of HTTP/2 settings parameters allowed over a connection. These limits are not preset by vendor and must be defined by system administrator after reviewing the HTTP/2 protocol and their environment requirements.