Lucene search
RedHatRHSA-2023:5766HistoryOct 17, 2023 - 8:49 a.m.
(RHSA-2023:5766) Important: nghttp2 security update
2023-10-1708:49:06
access.redhat.com
37
nghttp2
security update
http/2
rapid reset attack
ddos
cve-2023-44487
red hat
cvss
web servers
0.732 High
EPSS
Percentile
98.1%
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | ppc64le | libnghttp2 | < 1.33.0-3.el8_1.2 | libnghttp2-1.33.0-3.el8_1.2.ppc64le.rpm |
| RedHat | 8 | ppc64le | libnghttp2-debuginfo | < 1.33.0-3.el8_1.2 | libnghttp2-debuginfo-1.33.0-3.el8_1.2.ppc64le.rpm |
| RedHat | 8 | x86_64 | libnghttp2-debuginfo | < 1.33.0-3.el8_1.2 | libnghttp2-debuginfo-1.33.0-3.el8_1.2.x86_64.rpm |
| RedHat | 8 | x86_64 | libnghttp2 | < 1.33.0-3.el8_1.2 | libnghttp2-1.33.0-3.el8_1.2.x86_64.rpm |
| RedHat | 8 | i686 | nghttp2-debugsource | < 1.33.0-3.el8_1.2 | nghttp2-debugsource-1.33.0-3.el8_1.2.i686.rpm |
| RedHat | 8 | i686 | libnghttp2-debuginfo | < 1.33.0-3.el8_1.2 | libnghttp2-debuginfo-1.33.0-3.el8_1.2.i686.rpm |
| RedHat | 8 | i686 | nghttp2-debuginfo | < 1.33.0-3.el8_1.2 | nghttp2-debuginfo-1.33.0-3.el8_1.2.i686.rpm |
| RedHat | 8 | i686 | libnghttp2 | < 1.33.0-3.el8_1.2 | libnghttp2-1.33.0-3.el8_1.2.i686.rpm |
| RedHat | 8 | ppc64le | nghttp2-debugsource | < 1.33.0-3.el8_1.2 | nghttp2-debugsource-1.33.0-3.el8_1.2.ppc64le.rpm |
| RedHat | 8 | ppc64le | nghttp2-debuginfo | < 1.33.0-3.el8_1.2 | nghttp2-debuginfo-1.33.0-3.el8_1.2.ppc64le.rpm |
Related
osv
osv
nghttp2 vulnerability
2023-11-22 14:45:49
dotnet6, dotnet7 vulnerability
2023-10-10 18:18:10
github.com/kumahq/kuma affected by CVE-2023-44487
2023-10-17 12:41:55
alpinelinux
alpinelinux
CVE-2023-44487
2023-10-10 14:15:10
nessus
nessus
EulerOS 2.0 SP5 : nginx (EulerOS-SA-2024-1154)
2024-02-08 00:00:00
RHEL 6 : http_2 (Unpatched Vulnerability)
2024-05-11 00:00:00
oraclelinux
oraclelinux
nodejs:16 security update
2023-10-20 00:00:00
nghttp2 security update
2023-11-16 00:00:00
nodejs security update
2023-10-20 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: wdt-1.32.1910230^20230711git3b52ef5-2.fc37
2023-10-24 01:13:18
[SECURITY] Fedora 37 Update: mcrouter-0.41.0.20231016-1.fc37
2023-10-24 01:13:18
[SECURITY] Fedora 37 Update: folly-2023.10.16.00-1.fc37
2023-10-24 01:13:18
debiancve
debiancve
CVE-2023-44487
2023-10-10 14:15:10
hivepro
hivepro
Attacks, Vulnerabilities and Actors 9 October to 15 October 2023
2023-10-17 09:10:10
redhat
redhat
(RHSA-2023:5705) Important: rh-dotnet60-dotnet security, bug fix, and enhancement update
2023-10-16 08:00:49
(RHSA-2023:6120) Moderate: nginx:1.22 security update
2023-10-25 15:35:25
(RHSA-2023:5714) Moderate: nginx security update
2023-10-16 08:07:21
rocky
rocky
.NET 7.0 security update
2023-10-24 18:36:50
nghttp2 security update
2023-11-11 23:00:24
varnish security update
2023-10-24 18:36:42
cbl_mariner
cbl_mariner
CVE-2023-44487 affecting package telegraf for versions less than 1.27.3-3
2024-04-17 22:02:46
CVE-2023-44487 affecting package cri-o for versions less than 1.21.7-2
2024-04-30 01:31:53
CVE-2023-44487 affecting package skopeo for versions less than 1.12.0-4
2024-02-25 03:00:06
openvas
openvas
Fedora: Security Advisory for watchman (FEDORA-2023-2a9214af5f)
2023-10-25 00:00:00
Fedora: Security Advisory for wdt (FEDORA-2023-2a9214af5f)
2023-10-25 00:00:00
Fedora: Security Advisory for watchman (FEDORA-2023-17efd3f2cd)
2023-10-25 00:00:00
talosblog
talosblog
almalinux
almalinux
Important: tomcat security update
2023-10-19 00:00:00
Important: nodejs security update
2023-10-17 00:00:00
Important: dotnet7.0 security update
2023-10-16 00:00:00
cisa_kev
cisa_kev
HTTP/2 Rapid Reset Attack Vulnerability
2023-10-10 00:00:00
cnvd
cnvd
F5 BIG-IP Denial of Service Vulnerability (CNVD-2023-75597)
2023-10-11 00:00:00
atlassian
atlassian
debian
debian
[SECURITY] [DLA 3656-1] netty security update
2023-11-19 20:45:02
[SECURITY] [DLA 3638-1] h2o security update
2023-10-31 14:09:23
impervablog
impervablog
HTTP/2 Rapid Reset Mitigation With Imperva WAF
2024-01-03 14:21:45
ibm
ibm
nvd
nvd
CVE-2023-44487
2023-10-10 14:15:10
cgr
cgr
CVE-2023-44487 vulnerabilities
2024-05-19 03:07:16
github
github
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
2023-10-10 18:23:21
cisco
cisco
HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
2023-10-16 16:00:00
redos
redos
ROS-20240503-02
2024-05-03 00:00:00
ROS-20231107-01
2023-11-07 00:00:00
cve
cve
CVE-2023-44487
2023-10-10 14:15:10
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-10-10 14:20:42
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-10-11 01:59:47
wolfi
wolfi
CVE-2023-44487 vulnerabilities
2024-06-26 15:33:03
amazon
amazon
Important: nghttp2
2023-10-16 13:45:00