It was discovered that the .NET Kestrel web server did not properly handle
HTTP/2 requests. A remote attacker could possibly use this issue to cause a
denial of service.

References

ubuntu.com/security/CVE-2023-44487

ubuntu.com/security/notices/USN-6427-2

osv 20

alpinelinux 1

nessus 47

oraclelinux 7

fedora 19

debiancve 1

hivepro 1

redhat 16

rocky 5

cbl_mariner 25

openvas 22

talosblog 1

almalinux 4

cisa_kev 1

cnvd 1

githubexploit 2

atlassian 2

debian 1

impervablog 2

ibm 10

nvd 1

cve 1

cgr 1

github 1

cisco 1

wolfi 1

redos 1

ubuntu 2

freebsd 1

f5 1

amazon 1

osv

nghttp2 vulnerability

2023-11-22 14:45:49

dotnet6, dotnet7 vulnerability

2023-10-10 18:18:10

github.com/kumahq/kuma affected by CVE-2023-44487

2023-10-17 12:41:55

alpinelinux

CVE-2023-44487

2023-10-10 14:15:10

nessus

EulerOS 2.0 SP5 : nginx (EulerOS-SA-2024-1154)

2024-02-08 00:00:00

RHEL 6 : http_2 (Unpatched Vulnerability)

2024-05-11 00:00:00

Fedora 40 : cachelib / fb303 / fbthrift / fizz / folly / mcrouter / mvfst / etc (2023-acbee8f31a)

2024-04-29 00:00:00

oraclelinux

nodejs:16 security update

2023-10-20 00:00:00

nghttp2 security update

2023-11-16 00:00:00

nodejs security update

2023-10-20 00:00:00

fedora

[SECURITY] Fedora 37 Update: wdt-1.32.1910230^20230711git3b52ef5-2.fc37

2023-10-24 01:13:18

[SECURITY] Fedora 37 Update: mcrouter-0.41.0.20231016-1.fc37

2023-10-24 01:13:18

[SECURITY] Fedora 37 Update: folly-2023.10.16.00-1.fc37

2023-10-24 01:13:18

debiancve

CVE-2023-44487

2023-10-10 14:15:10

hivepro

Attacks, Vulnerabilities and Actors 9 October to 15 October 2023

2023-10-17 09:10:10

redhat

(RHSA-2023:5705) Important: rh-dotnet60-dotnet security, bug fix, and enhancement update

2023-10-16 08:00:49

(RHSA-2023:6120) Moderate: nginx:1.22 security update

2023-10-25 15:35:25

(RHSA-2023:6030) Important: Red Hat AMQ Streams 2.2.2 release and security update

2023-10-23 14:16:23

rocky

.NET 7.0 security update

2023-10-24 18:36:50

nghttp2 security update

2023-11-11 23:00:24

nodejs:16 security update

2023-10-24 18:36:24

cbl_mariner

CVE-2023-44487 affecting package telegraf for versions less than 1.27.3-3

2024-04-17 22:02:46

CVE-2023-44487 affecting package cri-o for versions less than 1.21.7-2

2024-04-30 01:31:53

CVE-2023-44487 affecting package skopeo for versions less than 1.12.0-4

2024-02-25 03:00:06

openvas

Fedora: Security Advisory for watchman (FEDORA-2023-2a9214af5f)

2023-10-25 00:00:00

Fedora: Security Advisory for wdt (FEDORA-2023-2a9214af5f)

2023-10-25 00:00:00

Fedora: Security Advisory for watchman (FEDORA-2023-17efd3f2cd)

2023-10-25 00:00:00

talosblog

Year in Malware 2023: Recapping the major cybersecurity stories of the past year

2023-12-19 13:00:18

almalinux

Important: tomcat security update

2023-10-19 00:00:00

Important: nodejs security update

2023-10-17 00:00:00

Important: dotnet7.0 security update

2023-10-16 00:00:00

cisa_kev

HTTP/2 Rapid Reset Attack Vulnerability

2023-10-10 00:00:00

cnvd

F5 BIG-IP Denial of Service Vulnerability (CNVD-2023-75597)

2023-10-11 00:00:00

githubexploit

Exploit for Uncontrolled Resource Consumption in Ietf Http

2023-10-11 01:59:47

Exploit for Uncontrolled Resource Consumption in Ietf Http

2023-10-10 14:20:42

atlassian

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Vulnerability in Crowd Data Center and Server

2023-11-22 06:44:58

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote in Bamboo Data Center and Server

2023-11-10 01:44:55

debian

[SECURITY] [DLA 3656-1] netty security update

2023-11-19 20:45:02

impervablog

HTTP/2 Rapid Reset Mitigation With Imperva WAF

2024-01-03 14:21:45

Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487

2023-10-10 12:24:39

ibm

Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service in Netty (CVE-2023-44487)

2023-11-29 22:32:14

Security Bulletin: IBM Event Processing contains a vulnerability in Netty (CVE-2023-44487)

2023-11-29 22:33:01

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Nginx

2023-11-29 14:48:55

nvd

CVE-2023-44487

2023-10-10 14:15:10

cve

CVE-2023-44487

2023-10-10 14:15:10

cgr

CVE-2023-44487 vulnerabilities

2024-05-19 03:07:16

github

github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

2023-10-10 18:23:21

cisco

HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023

2023-10-16 16:00:00

wolfi

CVE-2023-44487 vulnerabilities

2024-06-26 03:08:30

redos

ROS-20240503-02

2024-05-03 00:00:00

ubuntu

.NET vulnerability

2023-10-10 00:00:00

nghttp2 vulnerability

2023-11-22 00:00:00

freebsd

varnish -- HTTP/2 Rapid Reset Attack

2023-11-13 00:00:00

K000137106 : HTTP/2 vulnerability CVE-2023-44487

2023-10-10 00:00:00

amazon

Important: nginx

2023-10-16 13:45:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.732 High

EPSS

Percentile

98.1%

JSON

Related for OSV:USN-6427-2