Lucene search

[email protected]NVD:CVE-2023-44487

HistoryOct 10, 2023 - 2:15 p.m.

CVE-2023-44487

2023-10-1014:15:10

CWE-400

[email protected]

web.nvd.nist.gov

http/2 protocol

denial of service

server resource consumption

request cancellation

stream reset

exploitation

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.732 High

EPSS

Percentile

98.1%

JSON

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Affected configurations

NVD

Node

ietfhttpMatch2.0

Node

nghttp2nghttp2Range<1.57.0

Node

nettynettyRange<4.1.100

Node

envoyproxyenvoyMatch1.24.10

envoyproxyenvoyMatch1.25.9

envoyproxyenvoyMatch1.26.4

envoyproxyenvoyMatch1.27.0

Node

eclipsejettyRange<9.4.53

eclipsejettyRange10.0.0–10.0.17

eclipsejettyRange11.0.0–11.0.17

eclipsejettyRange12.0.0–12.0.2

Node

caddyservercaddyRange<2.7.5

Node

golanggoRange<1.20.10

golanggoRange1.21.0–1.21.3

golanghttp2Range<0.17.0go

golangnetworkingRange<0.17.0go

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5

f5big-ip_access_policy_managerRange15.1.0–15.1.10

f5big-ip_access_policy_managerRange16.1.0–16.1.4

f5big-ip_access_policy_managerMatch17.1.0

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.10

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.4

f5big-ip_advanced_firewall_managerMatch17.1.0

f5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5

f5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5

f5big-ip_advanced_web_application_firewallRange15.1.0–15.1.10

f5big-ip_advanced_web_application_firewallRange16.1.0–16.1.4

f5big-ip_advanced_web_application_firewallMatch17.1.0

f5big-ip_analyticsRange13.1.0–13.1.5

f5big-ip_analyticsRange14.1.0–14.1.5

f5big-ip_analyticsRange15.1.0–15.1.10

f5big-ip_analyticsRange16.1.0–16.1.4

f5big-ip_analyticsMatch17.1.0

f5big-ip_application_acceleration_managerRange13.1.0–13.1.5

f5big-ip_application_acceleration_managerRange14.1.0–14.1.5

f5big-ip_application_acceleration_managerRange15.1.0–15.1.10

f5big-ip_application_acceleration_managerRange16.1.0–16.1.4

f5big-ip_application_acceleration_managerMatch17.1.0

f5big-ip_application_security_managerRange13.1.0–13.1.5

f5big-ip_application_security_managerRange14.1.0–14.1.5

f5big-ip_application_security_managerRange15.1.0–15.1.10

f5big-ip_application_security_managerRange16.1.0–16.1.4

f5big-ip_application_security_managerMatch17.1.0

f5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5

f5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5

f5big-ip_application_visibility_and_reportingRange15.1.0–15.1.10

f5big-ip_application_visibility_and_reportingRange16.1.0–16.1.4

f5big-ip_application_visibility_and_reportingMatch17.1.0

f5big-ip_carrier-grade_natRange13.1.0–13.1.5

f5big-ip_carrier-grade_natRange14.1.0–14.1.5

f5big-ip_carrier-grade_natRange15.1.0–15.1.10

f5big-ip_carrier-grade_natRange16.1.0–16.1.4

f5big-ip_carrier-grade_natMatch17.1.0

f5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5

f5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5

f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.10

f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4

f5big-ip_ddos_hybrid_defenderMatch17.1.0

f5big-ip_domain_name_systemRange13.1.0–13.1.5

f5big-ip_domain_name_systemRange14.1.0–14.1.5

f5big-ip_domain_name_systemRange15.1.0–15.1.10

f5big-ip_domain_name_systemRange16.1.0–16.1.4

f5big-ip_domain_name_systemMatch17.1.0

f5big-ip_fraud_protection_serviceRange13.1.0–13.1.5

f5big-ip_fraud_protection_serviceRange14.1.0–14.1.5

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.10

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.4

f5big-ip_fraud_protection_serviceMatch17.1.0

f5big-ip_global_traffic_managerRange13.1.0–13.1.5

f5big-ip_global_traffic_managerRange14.1.0–14.1.5

f5big-ip_global_traffic_managerRange15.1.0–15.1.10

f5big-ip_global_traffic_managerRange16.1.0–16.1.4

f5big-ip_global_traffic_managerMatch17.1.0

f5big-ip_link_controllerRange13.1.0–13.1.5

f5big-ip_link_controllerRange14.1.0–14.1.5

f5big-ip_link_controllerRange15.1.0–15.1.10

f5big-ip_link_controllerRange16.1.0–16.1.4

f5big-ip_link_controllerMatch17.1.0

f5big-ip_local_traffic_managerRange13.1.0–13.1.5

f5big-ip_local_traffic_managerRange14.1.0–14.1.5

f5big-ip_local_traffic_managerRange15.1.0–15.1.10

f5big-ip_local_traffic_managerRange16.1.0–16.1.4

f5big-ip_local_traffic_managerMatch17.1.0

f5big-ip_nextMatch20.0.1

f5big-ip_next_service_proxy_for_kubernetesRange1.5.0–1.8.2

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.10

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.4

f5big-ip_policy_enforcement_managerMatch17.1.0

f5big-ip_ssl_orchestratorRange13.1.0–13.1.5

f5big-ip_ssl_orchestratorRange14.1.0–14.1.5

f5big-ip_ssl_orchestratorRange15.1.0–15.1.10

f5big-ip_ssl_orchestratorRange16.1.0–16.1.4

f5big-ip_ssl_orchestratorMatch17.1.0

f5big-ip_webacceleratorRange13.1.0–13.1.5

f5big-ip_webacceleratorRange14.1.0–14.1.5

f5big-ip_webacceleratorRange15.1.0–15.1.10

f5big-ip_webacceleratorRange16.1.0–16.1.4

f5big-ip_webacceleratorMatch17.1.0

f5big-ip_websafeRange13.1.0–13.1.5

f5big-ip_websafeRange14.1.0–14.1.5

f5big-ip_websafeRange15.1.0–15.1.10

f5big-ip_websafeRange16.1.0–16.1.4

f5big-ip_websafeMatch17.1.0

f5nginxRange1.9.5–1.25.2

f5nginx_ingress_controllerRange2.0.0–2.4.2

f5nginx_ingress_controllerRange3.0.0–3.3.0

f5nginx_plusRanger25–r29

f5nginx_plusMatchr29-

f5nginx_plusMatchr30-

Node

apachetomcatRange8.5.0–8.5.93

apachetomcatRange9.0.0–9.0.80

apachetomcatRange10.1.0–10.1.13

apachetomcatMatch11.0.0milestone1

apachetomcatMatch11.0.0milestone10

apachetomcatMatch11.0.0milestone11

apachetomcatMatch11.0.0milestone2

apachetomcatMatch11.0.0milestone3

apachetomcatMatch11.0.0milestone4

apachetomcatMatch11.0.0milestone5

apachetomcatMatch11.0.0milestone6

apachetomcatMatch11.0.0milestone7

apachetomcatMatch11.0.0milestone8

apachetomcatMatch11.0.0milestone9

Node

appleswiftnio_http\/2Range<1.28.0swift

Node

grpcgrpcRange<1.56.3go

grpcgrpcRange≤1.59.2-

grpcgrpcRange1.58.0–1.58.3go

grpcgrpcMatch1.57.0-go

Node

microsoft.netRange6.0.0–6.0.23

microsoft.netRange7.0.0–7.0.12

microsoftasp.net_coreRange6.0.0–6.0.23

microsoftasp.net_coreRange7.0.0–7.0.12

microsoftazure_kubernetes_serviceRange<2023-10-08

microsoftvisual_studio_2022Range17.0–17.2.20

microsoftvisual_studio_2022Range17.4–17.4.12

microsoftvisual_studio_2022Range17.6–17.6.8

microsoftvisual_studio_2022Range17.7–17.7.5

microsoftwindows_10_1607Range<10.0.14393.6351x64

microsoftwindows_10_1607Range<10.0.14393.6351x86

microsoftwindows_10_1809Range<10.0.17763.4974

microsoftwindows_10_21h2Range<10.0.19044.3570

microsoftwindows_10_22h2Range<10.0.19045.3570

microsoftwindows_11_21h2Range<10.0.22000.2538

microsoftwindows_11_22h2Range<10.0.22621.2428

microsoftwindows_server_2016Match-

microsoftwindows_server_2019Match-

microsoftwindows_server_2022Match-

Node

nodejsnode.jsRange18.0.0–18.18.2lts

nodejsnode.jsRange20.0.0–20.8.1

Node

microsoftcbl-marinerRange<2023-10-11

Node

denah2oRange<2023-10-10

Node

facebookproxygenRange<2023.10.16.00

Node

apacheapisixRange<3.6.1

apachetraffic_serverRange8.0.0–8.1.9

apachetraffic_serverRange9.0.0–9.2.3

Node

amazonopensearch_data_prepperRange<2.5.0

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

Node

kazu-yamamotohttp2Range<4.2.2

Node

istioistioRange<1.17.6

istioistioRange1.18.0–1.18.3

istioistioRange1.19.0–1.19.1

Node

varnish_cache_projectvarnish_cacheRange<2023-10-10

Node

traefiktraefikRange<2.10.5

traefiktraefikMatch3.0.0beta1

traefiktraefikMatch3.0.0beta2

traefiktraefikMatch3.0.0beta3

Node

projectcontourcontourRange<2023-10-11kubernetes

Node

linkerdlinkerdRange2.12.0–2.12.5stablekubernetes

linkerdlinkerdMatch2.13.0stablekubernetes

linkerdlinkerdMatch2.13.1stablekubernetes

linkerdlinkerdMatch2.14.0stablekubernetes

linkerdlinkerdMatch2.14.1stablekubernetes

Node

linecorparmeriaRange<1.26.0

Node

redhat3scale_api_management_platformMatch2.0

redhatadvanced_cluster_management_for_kubernetesMatch2.0

redhatadvanced_cluster_securityMatch3.0

redhatadvanced_cluster_securityMatch4.0

redhatansible_automation_platformMatch2.0

redhatbuild_of_optaplannerMatch8.0

redhatbuild_of_quarkusMatch-

redhatceph_storageMatch5.0

redhatcert-manager_operator_for_red_hat_openshiftMatch-

redhatcertification_for_red_hat_enterprise_linuxMatch8.0

redhatcertification_for_red_hat_enterprise_linuxMatch9.0

redhatcost_managementMatch-

redhatcryostatMatch2.0

redhatdecision_managerMatch7.0

redhatfence_agents_remediation_operatorMatch-

redhatintegration_camel_for_spring_bootMatch-

redhatintegration_camel_kMatch-

redhatintegration_service_registryMatch-

redhatjboss_a-mqMatch7

redhatjboss_a-mq_streamsMatch-

redhatjboss_core_servicesMatch-

redhatjboss_data_gridMatch7.0.0

redhatjboss_enterprise_application_platformMatch6.0.0

redhatjboss_enterprise_application_platformMatch7.0.0

redhatjboss_fuseMatch6.0.0

redhatjboss_fuseMatch7.0.0

redhatlogging_subsystem_for_red_hat_openshiftMatch-

redhatmachine_deletion_remediation_operatorMatch-

redhatmigration_toolkit_for_applicationsMatch6.0

redhatmigration_toolkit_for_containersMatch-

redhatmigration_toolkit_for_virtualizationMatch-

redhatnetwork_observability_operatorMatch-

redhatnode_healthcheck_operatorMatch-

redhatnode_maintenance_operatorMatch-

redhatopenshiftMatch-aws

redhatopenshift_api_for_data_protectionMatch-

redhatopenshift_container_platformMatch4.0

redhatopenshift_container_platform_assisted_installerMatch-

redhatopenshift_data_scienceMatch-

redhatopenshift_dev_spacesMatch-

redhatopenshift_developer_tools_and_servicesMatch-

redhatopenshift_distributed_tracingMatch-

redhatopenshift_gitopsMatch-

redhatopenshift_pipelinesMatch-

redhatopenshift_sandboxed_containersMatch-

redhatopenshift_secondary_scheduler_operatorMatch-

redhatopenshift_serverlessMatch-

redhatopenshift_service_meshMatch2.0

redhatopenshift_virtualizationMatch4

redhatopenstack_platformMatch16.1

redhatopenstack_platformMatch16.2

redhatopenstack_platformMatch17.1

redhatprocess_automationMatch7.0

redhatquayMatch3.0.0

redhatrun_once_duration_override_operatorMatch-

redhatsatelliteMatch6.0

redhatself_node_remediation_operatorMatch-

redhatservice_interconnectMatch1.0

redhatsingle_sign-onMatch7.0

redhatsupport_for_spring_bootMatch-

redhatweb_terminalMatch-

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

Node

redhatservice_telemetry_frameworkMatch1.5

AND

redhatenterprise_linuxMatch8.0

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

Node

netappastra_control_centerMatch-

Node

akkahttp_serverRange<10.5.3

Node

konghqkong_gatewayRange<3.4.2enterprise

Node

jenkinsjenkinsRange≤2.414.2lts

jenkinsjenkinsRange≤2.427-

Node

apachesolrRange<9.4.0

Node

openrestyopenrestyRange<1.21.4.3

Node

ciscoconnected_mobile_experiencesRange<11.1

ciscocrosswork_data_gatewayRange<4.1.3

ciscocrosswork_data_gatewayMatch5.0

ciscocrosswork_zero_touch_provisioningRange<6.0.0

ciscodata_center_network_managerMatch-

ciscoenterprise_chat_and_emailMatch-

ciscoexpresswayRange<x14.3.3

ciscofirepower_threat_defenseRange<7.4.2

ciscoiot_field_network_directorRange<4.11.0

ciscoprime_access_registrarRange<9.3.3

ciscoprime_cable_provisioningRange<7.2.1

ciscoprime_infrastructureRange<3.10.4

ciscoprime_network_registrarRange<11.2

ciscosecure_dynamic_attributes_connectorRange<2.2.0

ciscosecure_malware_analyticsRange<2.19.2

ciscotelepresence_video_communication_serverRange<x14.3.3

ciscoultra_cloud_core_-_policy_control_functionRange<2024.01.0

ciscoultra_cloud_core_-_policy_control_functionMatch2024.01.0

ciscoultra_cloud_core_-_serving_gateway_functionRange<2024.02.0

ciscoultra_cloud_core_-_session_management_functionRange<2024.02.0

ciscounified_attendant_console_advancedMatch-

ciscounified_contact_center_domain_managerMatch-

ciscounified_contact_center_enterpriseMatch-

ciscounified_contact_center_enterprise_-_live_data_serverRange<12.6.2

ciscounified_contact_center_management_portalMatch-

ciscofog_directorRange<1.22

ciscoios_xeRange<17.15.1

ciscoios_xrRange<7.11.2

Node

ciscosecure_web_appliance_firmwareRange<15.1.0

AND

ciscosecure_web_applianceMatch-

Node

cisconx-osRange<10.2\(7\)

cisconx-osRange10.3\(1\)–10.3\(5\)

AND

cisconexus_3016Match-

cisconexus_3016qMatch-

cisconexus_3048Match-

cisconexus_3064Match-

cisconexus_3064-32tMatch-

cisconexus_3064-tMatch-

cisconexus_3064-xMatch-

cisconexus_3064tMatch-

cisconexus_3064xMatch-

cisconexus_3100Match-

cisconexus_3100-vMatch-

cisconexus_3100-zMatch-

cisconexus_3100vMatch-

cisconexus_31108pc-vMatch-

cisconexus_31108pv-vMatch-

cisconexus_31108tc-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132qMatch-

cisconexus_3132q-vMatch-

cisconexus_3132q-xMatch-

cisconexus_3132q-x\/3132q-xlMatch-

cisconexus_3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172Match-

cisconexus_3172pqMatch-

cisconexus_3172pq-xlMatch-

cisconexus_3172pq\/pq-xlMatch-

cisconexus_3172tqMatch-

cisconexus_3172tq-32tMatch-

cisconexus_3172tq-xlMatch-

cisconexus_3200Match-

cisconexus_3232Match-

cisconexus_3232cMatch-

cisconexus_3232c_Match-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_3400Match-

cisconexus_3408-sMatch-

cisconexus_34180ycMatch-

cisconexus_34200yc-smMatch-

cisconexus_3432d-sMatch-

cisconexus_3464cMatch-

cisconexus_3500Match-

cisconexus_3524Match-

cisconexus_3524-xMatch-

cisconexus_3524-x\/xlMatch-

cisconexus_3524-xlMatch-

cisconexus_3548Match-

cisconexus_3548-xMatch-

cisconexus_3548-x\/xlMatch-

cisconexus_3548-xlMatch-

cisconexus_3600Match-

cisconexus_36180yc-rMatch-

cisconexus_3636c-rMatch-

Node

cisconx-osRange<10.2\(7\)

cisconx-osRange10.3\(1\)–10.3\(5\)

AND

cisconexus_9000vMatch-

cisconexus_9200Match-

cisconexus_9200ycMatch-

cisconexus_92160yc-xMatch-

cisconexus_92160yc_switchMatch-

cisconexus_9221cMatch-

cisconexus_92300ycMatch-

cisconexus_92300yc_switchMatch-

cisconexus_92304qcMatch-

cisconexus_92304qc_switchMatch-

cisconexus_9232eMatch-

cisconexus_92348gc-xMatch-

cisconexus_9236cMatch-

cisconexus_9236c_switchMatch-

cisconexus_9272qMatch-

cisconexus_9272q_switchMatch-

cisconexus_9300Match-

cisconexus_93108tc-exMatch-

cisconexus_93108tc-ex-24Match-

cisconexus_93108tc-ex_switchMatch-

cisconexus_93108tc-fxMatch-

cisconexus_93108tc-fx-24Match-

cisconexus_93108tc-fx3hMatch-

cisconexus_93108tc-fx3pMatch-

cisconexus_93120txMatch-

cisconexus_93120tx_switchMatch-

cisconexus_93128Match-

cisconexus_93128txMatch-

cisconexus_93128tx_switchMatch-

cisconexus_9316d-gxMatch-

cisconexus_93180lc-exMatch-

cisconexus_93180lc-ex_switchMatch-

cisconexus_93180tc-exMatch-

cisconexus_93180yc-exMatch-

cisconexus_93180yc-ex-24Match-

cisconexus_93180yc-ex_switchMatch-

cisconexus_93180yc-fxMatch-

cisconexus_93180yc-fx-24Match-

cisconexus_93180yc-fx3Match-

cisconexus_93180yc-fx3hMatch-

cisconexus_93180yc-fx3sMatch-

cisconexus_93216tc-fx2Match-

cisconexus_93240tc-fx2Match-

cisconexus_93240yc-fx2Match-

cisconexus_9332cMatch-

cisconexus_9332d-gx2bMatch-

cisconexus_9332d-h2rMatch-

cisconexus_9332pqMatch-

cisconexus_9332pq_switchMatch-

cisconexus_93360yc-fx2Match-

cisconexus_9336c-fx2Match-

cisconexus_9336c-fx2-eMatch-

cisconexus_9336pqMatch-

cisconexus_9336pq_aciMatch-

cisconexus_9336pq_aci_spineMatch-

cisconexus_9336pq_aci_spine_switchMatch-

cisconexus_9348d-gx2aMatch-

cisconexus_9348gc-fx3Match-

cisconexus_9348gc-fxpMatch-

cisconexus_93600cd-gxMatch-

cisconexus_9364cMatch-

cisconexus_9364c-gxMatch-

cisconexus_9364d-gx2aMatch-

cisconexus_9372pxMatch-

cisconexus_9372px-eMatch-

cisconexus_9372px-e_switchMatch-

cisconexus_9372px_switchMatch-

cisconexus_9372txMatch-

cisconexus_9372tx-eMatch-

cisconexus_9372tx-e_switchMatch-

cisconexus_9372tx_switchMatch-

cisconexus_9396pxMatch-

cisconexus_9396px_switchMatch-

cisconexus_9396txMatch-

cisconexus_9396tx_switchMatch-

cisconexus_9408Match-

cisconexus_9432pqMatch-

cisconexus_9500Match-

cisconexus_9500_16-slotMatch-

cisconexus_9500_4-slotMatch-

cisconexus_9500_8-slotMatch-

cisconexus_9500_supervisor_aMatch-

cisconexus_9500_supervisor_a\+Match-

cisconexus_9500_supervisor_bMatch-

cisconexus_9500_supervisor_b\+Match-

cisconexus_9500rMatch-

cisconexus_9504Match-

cisconexus_9504_switchMatch-

cisconexus_9508Match-

cisconexus_9508_switchMatch-

cisconexus_9516Match-

cisconexus_9516_switchMatch-

cisconexus_9536pqMatch-

cisconexus_9636pqMatch-

cisconexus_9716d-gxMatch-

cisconexus_9736pqMatch-

cisconexus_9800Match-

cisconexus_9804Match-

cisconexus_9808Match-

References

www.openwall.com/lists/oss-security/2023/10/13/4

www.openwall.com/lists/oss-security/2023/10/13/9

www.openwall.com/lists/oss-security/2023/10/18/4

www.openwall.com/lists/oss-security/2023/10/18/8

www.openwall.com/lists/oss-security/2023/10/19/6

www.openwall.com/lists/oss-security/2023/10/20/8

access.redhat.com/security/cve/cve-2023-44487

arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/

aws.amazon.com/security/security-bulletins/AWS-2023-011/

blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/

blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/

blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack

blog.vespa.ai/cve-2023-44487/

bugzilla.proxmox.com/show_bug.cgi?id=4988

bugzilla.redhat.com/show_bug.cgi?id=2242803

bugzilla.suse.com/show_bug.cgi?id=1216123

cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9

cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/

cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack

community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125

discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715

edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve

forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764

gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088

github.com/advisories/GHSA-qppj-fm5r-hxr3

github.com/advisories/GHSA-vx74-f528-fxqg

github.com/advisories/GHSA-xpw8-rcwv-8f8p

github.com/akka/akka-http/issues/4323

github.com/alibaba/tengine/issues/1872

github.com/apache/apisix/issues/10320

github.com/apache/httpd-site/pull/10

github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113

github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2

github.com/apache/trafficserver/pull/10564

github.com/arkrwn/PoC/tree/main/CVE-2023-44487

github.com/Azure/AKS/issues/3947

github.com/bcdannyboy/CVE-2023-44487

github.com/caddyserver/caddy/issues/5877

github.com/caddyserver/caddy/releases/tag/v2.7.5

github.com/dotnet/announcements/issues/277

github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73

github.com/eclipse/jetty.project/issues/10679

github.com/envoyproxy/envoy/pull/30055

github.com/etcd-io/etcd/issues/16740

github.com/facebook/proxygen/pull/466

github.com/golang/go/issues/63417

github.com/grpc/grpc-go/pull/6703

github.com/h2o/h2o/pull/3291

github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf

github.com/haproxy/haproxy/issues/2312

github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244

github.com/junkurihara/rust-rpxy/issues/97

github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1

github.com/kazu-yamamoto/http2/issues/93

github.com/Kong/kong/discussions/11741

github.com/kubernetes/kubernetes/pull/121120

github.com/line/armeria/pull/5232

github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632

github.com/micrictor/http2-rst-stream

github.com/microsoft/CBL-Mariner/pull/6381

github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61

github.com/nghttp2/nghttp2/pull/1961

github.com/nghttp2/nghttp2/releases/tag/v1.57.0

github.com/ninenines/cowboy/issues/1615

github.com/nodejs/node/pull/50121

github.com/openresty/openresty/issues/930

github.com/opensearch-project/data-prepper/issues/3474

github.com/oqtane/oqtane.framework/discussions/3367

github.com/projectcontour/contour/pull/5826

github.com/tempesta-tech/tempesta/issues/1986

github.com/varnishcache/varnish-cache/issues/3996

groups.google.com/g/golang-announce/c/iNNxDTCjZvo

istio.io/latest/news/security/istio-security-2023-004/

linkerd.io/2023/10/12/linkerd-cve-2023-44487/

lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

lists.debian.org/debian-lts-announce/2023/10/msg00020.html

lists.debian.org/debian-lts-announce/2023/10/msg00023.html

lists.debian.org/debian-lts-announce/2023/10/msg00024.html

lists.debian.org/debian-lts-announce/2023/10/msg00045.html

lists.debian.org/debian-lts-announce/2023/10/msg00047.html

lists.debian.org/debian-lts-announce/2023/11/msg00001.html

lists.debian.org/debian-lts-announce/2023/11/msg00012.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/

lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html

mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html

martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html

msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487

my.f5.com/manage/s/article/K000137106

netty.io/news/2023/10/10/4-1-100-Final.html

news.ycombinator.com/item?id=37830987

news.ycombinator.com/item?id=37830998

news.ycombinator.com/item?id=37831062

news.ycombinator.com/item?id=37837043

openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/

seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected

security.gentoo.org/glsa/202311-09

security.netapp.com/advisory/ntap-20231016-0001/

security.netapp.com/advisory/ntap-20240426-0007/

security.netapp.com/advisory/ntap-20240621-0006/

security.netapp.com/advisory/ntap-20240621-0007/

security.paloaltonetworks.com/CVE-2023-44487

tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14

ubuntu.com/security/CVE-2023-44487

www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/

www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487

www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event

www.debian.org/security/2023/dsa-5521

www.debian.org/security/2023/dsa-5522

www.debian.org/security/2023/dsa-5540

www.debian.org/security/2023/dsa-5549

www.debian.org/security/2023/dsa-5558

www.debian.org/security/2023/dsa-5570

www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487

www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/

www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/

www.openwall.com/lists/oss-security/2023/10/10/6

www.phoronix.com/news/HTTP2-Rapid-Reset-Attack

www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.732 High

EPSS

Percentile

98.1%

JSON

Related for NVD:CVE-2023-44487

redhat27 rocky6 fedora10 almalinux5 cbl_mariner21 osv19 debian3 openvas33 amazon2 redos1 nessus45 githubexploit4 oraclelinux4 atlassian1 github3 ibm8 veracode1 freebsd1 ubuntu2 impervablog1 f51 hivepro1 cloudfoundry1