TF 0259 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Web App uses the latest HTTP version
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| Service | appservice |
| Provider | Azure |
Description
The web application is configured to use an outdated HTTP version by not enabling HTTP/2 support in the Azure App Service resource. This prevents the app from benefiting from improved security features and protocol enhancements available in newer HTTP versions.
Impact
Running on an older HTTP version exposes the application to known vulnerabilities and lacks protections present in HTTP/2, increasing the risk of attacks such as protocol downgrade, interception, or performance degradation, which can compromise data integrity and service reliability.
Resolution
Use the latest version of HTTP