A denial of service attack can be performed on Varnish Cache servers
that have the HTTP/2 protocol turned on. An attacker can create a large
volume of streams and immediately reset them without ever reaching the
maximum number of concurrent streams allowed for the session, causing
the Varnish server to consume unnecessary resources processing requests
for which the response will not be delivered.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchvarnish7< 7.4.2UNKNOWN
FreeBSDanynoarchvarnish6< 6.6.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	varnish7	< 7.4.2	UNKNOWN
FreeBSD	any	noarch	varnish6	< 6.6.3	UNKNOWN

References

varnish-cache.org/security/VSV00013.html

nessus 44

cbl_mariner 26

osv 17

redhat 18

openvas 33

ibm 10

cisa_kev 1

fedora 15

almalinux 6

talosblog 1

impervablog 1

rocky 4

hivepro 1

alpinelinux 1

cnvd 1

debiancve 1

oraclelinux 5

cve 1

wolfi 1

cgr 1

atlassian 2

cisco 1

debian 3

github 1

redos 2

githubexploit 2

amazon 1

nessus

AlmaLinux 9 : dotnet6.0 (ALSA-2023:5708)

2023-10-17 00:00:00

Rocky Linux 9 : varnish (RLSA-2023:5924)

2023-10-24 00:00:00

Oracle Linux 8 : tomcat (ELSA-2023-5928)

2023-10-24 00:00:00

cbl_mariner

CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7

2024-03-21 08:27:20

CVE-2023-44487 affecting package cri-o for versions less than 1.21.7-2

2024-04-30 01:31:53

CVE-2023-44487 affecting package skopeo for versions less than 1.12.0-4

2024-02-25 03:00:06

osv

Important: dotnet6.0 security update

2023-10-24 18:36:50

Important: tomcat security update

2023-10-19 00:00:00

Important: .NET 7.0 security update

2023-10-16 00:00:00

redhat

(RHSA-2023:5714) Moderate: nginx security update

2023-10-16 08:07:21

(RHSA-2023:5802) Important: Migration Toolkit for Runtimes security update

2023-10-17 16:07:11

(RHSA-2023:5989) Important: varnish security update

2023-10-23 08:39:49

openvas

.NET Core HTTP2 Rapid Reset Attack DoS Vulnerability - Windows

2023-10-11 00:00:00

H2O HTTP Server HTTP/2 Protocol DoS Vulnerability (GHSA-2m7v-gc89-fjqf)

2023-10-12 00:00:00

Fedora: Security Advisory for watchman (FEDORA-2023-2a9214af5f)

2023-10-25 00:00:00

ibm

Security Bulletin: IBM Storage Protect is vulnerable to multiple attacks due to http2-server and http2-common (CVE-2023-44487)

2023-12-15 16:30:18

Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service in Netty (CVE-2023-44487)

2023-11-29 22:32:14

Security Bulletin: IBM Event Processing contains a vulnerability in Netty (CVE-2023-44487)

2023-11-29 22:33:01

cisa_kev

HTTP/2 Rapid Reset Attack Vulnerability

2023-10-10 00:00:00

fedora

[SECURITY] Fedora 37 Update: cachelib-17^20231016-1.fc37

2023-10-24 01:13:17

[SECURITY] Fedora 37 Update: fb303-2023.10.16.00-1.fc37

2023-10-24 01:13:17

[SECURITY] Fedora 37 Update: wangle-2023.10.16.00-1.fc37

2023-10-24 01:13:18

almalinux

Important: tomcat security update

2023-10-19 00:00:00

Important: nodejs security update

2023-10-17 00:00:00

Moderate: nginx:1.22 security update

2023-10-25 00:00:00

talosblog

Year in Malware 2023: Recapping the major cybersecurity stories of the past year

2023-12-19 13:00:18

impervablog

HTTP/2 Rapid Reset Mitigation With Imperva WAF

2024-01-03 14:21:45

rocky

.NET 7.0 security update

2023-10-24 18:36:50

nghttp2 security update

2023-11-11 23:00:24

varnish security update

2023-10-24 18:36:42

hivepro

Attacks, Vulnerabilities and Actors 9 October to 15 October 2023

2023-10-17 09:10:10

alpinelinux

CVE-2023-44487

2023-10-10 14:15:10

cnvd

F5 BIG-IP Denial of Service Vulnerability (CNVD-2023-75597)

2023-10-11 00:00:00

debiancve

CVE-2023-44487

2023-10-10 14:15:10

oraclelinux

nodejs security update

2023-10-20 00:00:00

nghttp2 security update

2023-11-16 00:00:00

nghttp2 security update

2023-10-19 00:00:00

cve

CVE-2023-44487

2023-10-10 14:15:10

wolfi

CVE-2023-44487 vulnerabilities

2024-05-29 15:13:11

cgr

CVE-2023-44487 vulnerabilities

2024-05-19 03:07:16

atlassian

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Vulnerability in Crowd Data Center and Server

2023-11-22 06:44:58

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote in Bamboo Data Center and Server

2023-11-10 01:44:55

cisco

HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023

2023-10-16 16:00:00

debian

[SECURITY] [DLA 3656-1] netty security update

2023-11-19 20:45:26

[SECURITY] [DLA 3617-2] tomcat9 regression update

2023-10-16 22:23:47

[SECURITY] [DLA 3638-1] h2o security update

2023-10-31 14:09:48

github

github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

2023-10-10 18:23:21

redos

ROS-20240503-02

2024-05-03 00:00:00

ROS-20231107-01

2023-11-07 00:00:00

githubexploit

Exploit for Uncontrolled Resource Consumption in Ietf Http

2023-10-10 14:20:42

Exploit for Uncontrolled Resource Consumption in Ietf Http

2023-10-11 01:59:47

amazon

Important: nghttp2

2023-10-16 13:45:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.4 High

AI Score

Confidence

Low

0.72 High

EPSS

Percentile

98.0%

JSON

Related for F25A34B1-910D-11EE-A1A2-641C67A117D8