Lucene search
RedHatRHSA-2023:5924HistoryOct 19, 2023 - 12:19 p.m.
(RHSA-2023:5924) Important: varnish security update
2023-10-1912:19:57
access.redhat.com
17
varnish cache
http accelerator
ddos vulnerability
cvss score
0.732 High
EPSS
Percentile
98.1%
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | s390x | varnish-devel | < 6.6.2-3.el9_2.1 | varnish-devel-6.6.2-3.el9_2.1.s390x.rpm |
| RedHat | 9 | i686 | varnish | < 6.6.2-3.el9_2.1 | varnish-6.6.2-3.el9_2.1.i686.rpm |
| RedHat | 9 | aarch64 | varnish | < 6.6.2-3.el9_2.1 | varnish-6.6.2-3.el9_2.1.aarch64.rpm |
| RedHat | 9 | x86_64 | varnish-devel | < 6.6.2-3.el9_2.1 | varnish-devel-6.6.2-3.el9_2.1.x86_64.rpm |
| RedHat | 9 | s390x | varnish-docs | < 6.6.2-3.el9_2.1 | varnish-docs-6.6.2-3.el9_2.1.s390x.rpm |
| RedHat | 9 | ppc64le | varnish-devel | < 6.6.2-3.el9_2.1 | varnish-devel-6.6.2-3.el9_2.1.ppc64le.rpm |
| RedHat | 9 | ppc64le | varnish-docs | < 6.6.2-3.el9_2.1 | varnish-docs-6.6.2-3.el9_2.1.ppc64le.rpm |
| RedHat | 9 | x86_64 | varnish | < 6.6.2-3.el9_2.1 | varnish-6.6.2-3.el9_2.1.x86_64.rpm |
| RedHat | 9 | s390x | varnish | < 6.6.2-3.el9_2.1 | varnish-6.6.2-3.el9_2.1.s390x.rpm |
| RedHat | 9 | x86_64 | varnish-docs | < 6.6.2-3.el9_2.1 | varnish-docs-6.6.2-3.el9_2.1.x86_64.rpm |
Related
redhat
redhat
(RHSA-2023:5716) Important: Red Hat Data Grid 8.4.5 security update
2023-10-16 14:21:45
(RHSA-2023:5769) Important: nghttp2 security update
2023-10-17 08:52:38
(RHSA-2023:5713) Moderate: nginx:1.22 security update
2023-10-16 08:06:40
cbl_mariner
cbl_mariner
CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5
2024-02-09 19:07:07
CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5
2024-02-09 19:07:07
CVE-2023-44487 affecting package terraform for versions less than 1.3.2-11
2024-02-09 19:07:07
openvas
openvas
openSUSE: Security Advisory for nodejs10 (SUSE-SU-2023:4295-1)
2024-03-04 00:00:00
Fedora: Security Advisory for mvfst (FEDORA-2023-17efd3f2cd)
2023-10-25 00:00:00
Fedora: Security Advisory for folly (FEDORA-2023-7934802344)
2023-11-05 00:00:00
rocky
rocky
varnish security update
2023-10-24 18:36:42
nodejs security update
2023-10-24 18:36:46
varnish security update
2023-10-24 18:35:47
almalinux
almalinux
Moderate: nginx:1.20 security update
2023-10-16 00:00:00
Important: varnish security update
2023-10-23 00:00:00
Important: nghttp2 security update
2023-10-18 00:00:00
oraclelinux
oraclelinux
.NET 7.0 security update
2023-10-18 00:00:00
nghttp2 security update
2023-10-19 00:00:00
nodejs:16 security update
2023-10-20 00:00:00
osv
osv
BIT-contour-2023-44487
2024-03-06 10:50:58
dotnet8 vulnerability
2023-10-19 15:57:27
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
2023-10-10 18:23:21
ibm
ibm
redos
redos
ROS-20231107-01
2023-11-07 00:00:00
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.13.23 (RHSA-2023:7325)
2024-01-24 00:00:00
Fortinet Fortigate (FG-IR-23-397)
2024-02-08 00:00:00
RHEL 9 : nodejs (RHSA-2023:5765)
2023-10-17 00:00:00
atlassian
atlassian
fedora
fedora
[SECURITY] Fedora 38 Update: fbthrift-2023.10.16.00-1.fc38
2023-10-24 01:23:49
[SECURITY] Fedora 39 Update: proxygen-2023.10.16.00-1.fc39
2023-11-03 19:01:54
[SECURITY] Fedora 38 Update: wangle-2023.10.16.00-1.fc38
2023-10-24 01:23:49
github
github
HTTP/2 Stream Cancellation Attack
2023-10-10 21:28:24
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
2023-10-10 18:23:21
debian
debian
[SECURITY] [DLA 3617-2] tomcat9 regression update
2023-10-16 22:23:23
[SECURITY] [DLA 3638-1] h2o security update
2023-10-31 14:09:23
amazon
amazon
Important: nghttp2
2023-10-16 13:45:00
veracode
veracode
Denial Of Service (DoS)
2023-10-12 14:37:40
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-12-11 23:12:03
hivepro
hivepro
Attacks, Vulnerabilities and Actors 9 October to 15 October 2023
2023-10-17 09:10:10
talosblog
talosblog
debiancve
debiancve
CVE-2023-44487
2023-10-10 14:15:10
cisco
cisco
HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
2023-10-16 16:00:00
alpinelinux
alpinelinux
CVE-2023-44487
2023-10-10 14:15:10
impervablog
impervablog
HTTP/2 Rapid Reset Mitigation With Imperva WAF
2024-01-03 14:21:45
cisa_kev
cisa_kev
HTTP/2 Rapid Reset Attack Vulnerability
2023-10-10 00:00:00
nvd
nvd
CVE-2023-44487
2023-10-10 14:15:10
cnvd
cnvd
F5 BIG-IP Denial of Service Vulnerability (CNVD-2023-75597)
2023-10-11 00:00:00