Amazon ALAS-2023-1870
Oct 16, 2023 - 1:45 p.m.

Important: nginx

Published: 2023-10-16 13:45:00
Source: alas.aws.amazon.com
Tags: nginx, http/2, denial of service, fix, update, cve-2023-44487, red hat, mitre

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.708
Percentile: 98.1%

Issue Overview:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

Affected Packages:

nginx

Issue Correction:
Run yum update nginx to update your system.

New Packages:

i686:  
    nginx-mod-stream-1.18.0-1.45.amzn1.i686  
    nginx-1.18.0-1.45.amzn1.i686  
    nginx-mod-http-geoip-1.18.0-1.45.amzn1.i686  
    nginx-mod-http-perl-1.18.0-1.45.amzn1.i686  
    nginx-mod-mail-1.18.0-1.45.amzn1.i686  
    nginx-mod-http-xslt-filter-1.18.0-1.45.amzn1.i686  
    nginx-mod-http-image-filter-1.18.0-1.45.amzn1.i686  
    nginx-all-modules-1.18.0-1.45.amzn1.i686  
    nginx-debuginfo-1.18.0-1.45.amzn1.i686  
  
src:  
    nginx-1.18.0-1.45.amzn1.src  
  
x86_64:  
    nginx-all-modules-1.18.0-1.45.amzn1.x86_64  
    nginx-1.18.0-1.45.amzn1.x86_64  
    nginx-mod-stream-1.18.0-1.45.amzn1.x86_64  
    nginx-mod-http-perl-1.18.0-1.45.amzn1.x86_64  
    nginx-mod-http-geoip-1.18.0-1.45.amzn1.x86_64  
    nginx-mod-mail-1.18.0-1.45.amzn1.x86_64  
    nginx-mod-http-xslt-filter-1.18.0-1.45.amzn1.x86_64  
    nginx-debuginfo-1.18.0-1.45.amzn1.x86_64  
    nginx-mod-http-image-filter-1.18.0-1.45.amzn1.x86_64  

Additional References

Red Hat: CVE-2023-44487

Mitre: CVE-2023-44487
