CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.527 Medium
Percentile: 97.2%

Today, Google disclosed a zero-day vulnerability in the HTTP/2 protocol. Imperva collaborated proactively with Google to gain advanced insights into this vulnerability.
After a comprehensive inspection of this vulnerability by Imperva’s Product Development and Threat Research teams, we can confirm that Imperva’s existing DDoS mitigation strategies effectively defend against this specific attack vector. Our Cloud DDoS and Cloud WAF customers remain secure. Our WAF Gateway customers will soon be notified of a patch to handle this vulnerability.
Going forward, Imperva’s Threat Research team will monitor this vulnerability to prevent potential exploitation. We are committed to releasing patches, updates, and further details as necessary.
Our quick and continued response to threats like HTTP/2 Rapid Reset demonstrates why Imperva is a trusted advisor to our customers. It is also a reminder of the critical value our combination of market-leading products and services provides and our unique impact on the success of our customers’ businesses.
As a member of the security community, Imperva values its collaborations with companies such as Google and Fastly. Our world is more secure when our industry collaborates to tackle complex security challenges.
The post Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487 appeared first on Blog.