It was discovered that the .NET Kestrel web server did not properly handle
HTTP/2 requests. A remote attacker could possibly use this issue to cause a
denial of service.

References

ubuntu.com/security/CVE-2023-44487

ubuntu.com/security/notices/USN-6427-1

rocky 6

almalinux 5

fedora 10

redhat 27

cbl_mariner 21

osv 18

debian 3

openvas 33

amazon 2

redos 2

nessus 45

ibm 8

oraclelinux 4

atlassian 1

veracode 1

github 3

githubexploit 4

ubuntu 2

f5 1

hivepro 1

cloudfoundry 1

freebsd 1

impervablog 1

rocky

varnish security update

2023-10-24 18:36:42

varnish security update

2023-10-24 18:35:47

nodejs security update

2023-10-24 18:36:46

almalinux

Moderate: nginx:1.20 security update

2023-10-16 00:00:00

Important: dotnet6.0 security update

2023-10-16 00:00:00

Important: nghttp2 security update

2023-10-18 00:00:00

fedora

[SECURITY] Fedora 39 Update: proxygen-2023.10.16.00-1.fc39

2023-11-03 19:01:54

[SECURITY] Fedora 38 Update: fbthrift-2023.10.16.00-1.fc38

2023-10-24 01:23:49

[SECURITY] Fedora 38 Update: wangle-2023.10.16.00-1.fc38

2023-10-24 01:23:49

redhat

(RHSA-2023:5712) Moderate: nginx:1.20 security update

2023-10-16 08:06:13

(RHSA-2023:7334) Important: rh-varnish6-varnish security update

2023-11-16 14:38:00

(RHSA-2023:6105) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP1 security update

2023-10-26 13:19:00

cbl_mariner

CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5

2024-02-09 19:07:07

CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5

2024-02-09 19:07:07

CVE-2023-44487 affecting package terraform for versions less than 1.3.2-11

2024-02-09 19:07:07

osv

BIT-nginx-ingress-controller-2023-44487

2023-11-06 08:56:48

dotnet8 vulnerability

2023-10-19 15:57:27

github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

2023-10-10 18:23:21

debian

[SECURITY] [DLA 3638-1] h2o security update

2023-10-31 14:09:23

[SECURITY] [DLA 3617-2] tomcat9 regression update

2023-10-16 22:23:23

[SECURITY] [DSA 5522-3] tomcat9 regression update

2023-10-16 21:36:38

openvas

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1092)

2024-01-09 00:00:00

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1365)

2024-03-14 00:00:00

openSUSE: Security Advisory for netty, netty (SUSE-SU-2023:4163-1)

2024-03-04 00:00:00

amazon

Important: nghttp2

2023-10-16 13:45:00

Important: nginx

2023-10-16 13:45:00

redos

ROS-20231107-01

2023-11-07 00:00:00

ROS-20240402-07

2024-04-02 00:00:00

nessus

Fortinet Fortigate (FG-IR-23-397)

2024-02-08 00:00:00

Oracle Linux 9 : varnish (ELSA-2023-5924)

2023-10-24 00:00:00

AlmaLinux 9 : .NET 7.0 (ALSA-2023:5749)

2023-10-17 00:00:00

ibm

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to denial of service due to HTTP/2 Rapid Reset vulnerability (CVE-2023-44487)

2023-11-15 20:45:34

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in Grafana (CVE-2023-44487)

2024-01-26 22:15:52

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-44487)

2023-10-26 14:34:53

oraclelinux

.NET 7.0 security update

2023-10-18 00:00:00

dotnet6.0 security update

2023-10-18 00:00:00

dotnet6.0 security update

2023-10-18 00:00:00

atlassian

DoS (Denial of Service) io.netty:netty-codec-http2 in Confluence Data Center and Server

2023-11-03 00:45:12

veracode

Denial Of Service (DoS)

2023-10-12 14:37:40

github

HTTP/2 Stream Cancellation Attack

2023-10-10 21:28:24

io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

2023-10-10 22:22:54

github.com/kumahq/kuma affected by CVE-2023-44487

2023-10-17 12:41:55

githubexploit

Exploit for Uncontrolled Resource Consumption in Ietf Http

2023-12-11 23:12:03

Exploit for Uncontrolled Resource Consumption in Ietf Http

2023-10-25 09:11:46

Exploit for Uncontrolled Resource Consumption in Ietf Http

2023-10-16 11:07:50

ubuntu

.NET vulnerability

2023-10-10 00:00:00

nghttp2 vulnerability

2023-11-22 00:00:00

K000137106 : HTTP/2 vulnerability CVE-2023-44487

2023-10-10 00:00:00

hivepro

HTTP2 Zero-Day Exploited for the Most Explosive DDoS Attacks

2023-10-12 08:09:28

cloudfoundry

USN-6505-1: nghttp2 vulnerability | Cloud Foundry

2024-03-18 00:00:00

freebsd

varnish -- HTTP/2 Rapid Reset Attack

2023-11-13 00:00:00

impervablog

Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487

2023-10-10 12:24:39

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

Low

0.732 High

EPSS

Percentile

98.1%

JSON

Related for OSV:USN-6427-1