Lucene search
RedHatRHSA-2023:6114HistoryOct 25, 2023 - 2:51 p.m.
(RHSA-2023:6114) Important: Red Hat support for Spring Boot 2.7.17 security update
2023-10-2514:51:57
access.redhat.com
26
red hat support
spring boot 2.7.17
openshift
containerized platform
undertow
http/2
ddos attack
rapid reset attack
cve-2023-44487
apache-johnzon
bigdecimal
cve-2023-33008
cvss score
security bulletin
0.732 High
EPSS
Percentile
98.1%
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of Red Hat support for Spring Boot 2.7.17 serves as a replacement for Red Hat support for Spring Boot 2.7.16, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section.
Security Fix(es):
- undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
- apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Related
veracode
veracode
Denial Of Service (DoS)
2023-07-13 14:53:12
cve
cve
CVE-2023-33008
2023-07-07 10:15:09
ibm
ibm
Security Bulletin: IBM Datapower Operations Dashboard to a denial of service caused by an unsafe deserialization flaw
2024-02-07 17:18:36
prion
prion
Deserialization of untrusted data
2023-07-07 10:15:00
redhatcve
redhatcve
CVE-2023-33008
2023-08-11 19:48:54
cnvd
cnvd
Apache Johnzon Denial of Service Vulnerability
2023-07-11 00:00:00
osv
osv
CVE-2023-33008
2023-07-07 10:15:09
Apache Johnzon Deserialization of Untrusted Data vulnerability
2023-07-07 12:30:22
nghttp2 - security update
2023-12-01 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2023-33008
2023-07-07 10:15:09
github
github
Apache Johnzon Deserialization of Untrusted Data vulnerability
2023-07-07 12:30:22
github.com/kumahq/kuma affected by CVE-2023-44487
2023-10-17 12:41:55
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
2023-10-10 22:22:54
redhat
redhat
(RHSA-2023:5707) Important: dotnet6.0 security update
2023-10-16 08:02:12
(RHSA-2023:5803) Important: nodejs:16 security update
2023-10-17 16:18:02
fedora
fedora
[SECURITY] Fedora 37 Update: fbthrift-2023.10.16.00-1.fc37
2023-10-24 01:13:17
[SECURITY] Fedora 37 Update: proxygen-2023.10.16.00-1.fc37
2023-10-24 01:13:18
[SECURITY] Fedora 38 Update: wdt-1.32.1910230^20230711git3b52ef5-2.fc38
2023-10-24 01:23:50
cbl_mariner
cbl_mariner
CVE-2023-44487 affecting package rook for versions less than 1.6.2-14
2024-02-14 17:05:34
CVE-2023-44487 affecting package cri-tools for versions less than 1.28.0-2
2024-06-12 22:23:00
CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13
2024-02-14 17:05:34
freebsd
freebsd
varnish -- HTTP/2 Rapid Reset Attack
2023-11-13 00:00:00
oraclelinux
oraclelinux
dotnet6.0 security update
2023-10-18 00:00:00
dotnet6.0 security update
2023-10-18 00:00:00
tomcat security update
2023-10-23 00:00:00
openvas
openvas
Fedora: Security Advisory for fbthrift (FEDORA-2023-17efd3f2cd)
2023-10-25 00:00:00
Fedora: Security Advisory for nghttp2 (FEDORA-2023-ed2642fd58)
2023-10-16 00:00:00
Fedora: Security Advisory for nghttp2 (FEDORA-2023-b2c50535cb)
2023-10-29 00:00:00
ubuntu
ubuntu
.NET vulnerability
2023-10-10 00:00:00
nghttp2 vulnerability
2023-11-22 00:00:00
impervablog
impervablog
Protecting Against HTTP/2 Rapid Reset: CVE-2023-44487
2023-10-10 12:24:39
rocky
rocky
tomcat security update
2023-10-24 18:35:47
dotnet6.0 security update
2023-10-24 18:36:50
nodejs:16 security update
2023-10-24 18:36:24
nessus
nessus
RHEL 8 : nghttp2 (RHSA-2023:5769)
2023-10-17 00:00:00
RHEL 8 : nghttp2 (RHSA-2023:5837)
2023-10-18 00:00:00
RHEL 8 : tomcat (RHSA-2023:5928)
2023-10-19 00:00:00
cloudfoundry
cloudfoundry
USN-6505-1: nghttp2 vulnerability | Cloud Foundry
2024-03-18 00:00:00
f5
f5
K000137106 : HTTP/2 vulnerability CVE-2023-44487
2023-10-10 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-10-25 09:11:46
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-10-16 11:07:50
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-11-10 08:38:51
hivepro
hivepro
HTTP2 Zero-Day Exploited for the Most Explosive DDoS Attacks
2023-10-12 08:09:28
amazon
amazon
Important: nginx
2023-10-16 13:45:00
Important: nghttp2
2023-10-16 13:45:00
redos
redos
ROS-20240402-07
2024-04-02 00:00:00
ROS-20231107-01
2023-11-07 00:00:00
debian
debian
[SECURITY] [DSA 5522-3] tomcat9 regression update
2023-10-16 21:36:38
[SECURITY] [DLA 3617-2] tomcat9 regression update
2023-10-16 22:23:23
[SECURITY] [DLA 3638-1] h2o security update
2023-10-31 14:09:23
almalinux
almalinux
Important: nghttp2 security update
2023-10-18 00:00:00
Important: varnish security update
2023-10-23 00:00:00
Important: dotnet6.0 security update
2023-10-16 00:00:00