
215 matches found

IBM Security Bulletins
added 2024/03/20 3:56 p.m. | 51 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to installation denial of service due to grpc ( CVE-2023-44487 )

Summary: Grpc is used by IBM Cloud Pak for Data Scheduling as part of the image catalog used for installation. CVE-2023-44487. Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the...

7.5 CVSS | 7.6 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1

IBM Security Bulletins
added 2024/03/20 12:16 a.m. | 33 views

Security Bulletin: A denial of service vulnerability in WebSphere Application Server Liberty affects IBM InfoSphere Information Server (CVE-2023-44487)

Summary: A denial of service vulnerability in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplex...

7.5 CVSS | 7.8 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1

Tenable Nessus
added 2024/03/20 12:0 a.m. | 46 views

RHEL 8 : nodejs:16 (RHSA-2024:1444)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1444 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

7.5 CVSS | 7.3 AI score | 0.99999 EPSS
Exploits 19 | References 7

IBM Security Bulletins
added 2024/03/13 10:19 a.m. | 62 views

Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM TXSeries for Multiplatforms is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).

Summary: IBM WebSphere Liberty is used by IBM TXSeries for Multiplatforms to provide a web based administration console CVE-2023-44487. Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams i...

7.5 CVSS | 7.7 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1

OSV
added 2024/03/06 11:5 a.m. | 41 views

BIT-SOLR-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 7.9 AI score | 0.99999 EPSS
Exploits 19 | References 140

OSV
added 2024/03/06 10:58 a.m. | 43 views

BIT-NODE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 7.9 AI score | 0.99999 EPSS
Exploits 19 | References 179

OSV
added 2024/03/06 10:58 a.m. | 142 views

BIT-NGINX-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 7.9 AI score | 0.99999 EPSS
Exploits 19 | References 179

OSV
added 2024/03/06 10:52 a.m. | 55 views

BIT-ENVOY-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 7.9 AI score | 0.99999 EPSS
Exploits 19 | References 179

IBM Security Bulletins
added 2024/02/29 1:40 p.m. | 43 views

Security Bulletin: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34462 and CVE-2023-44487)

Summary: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel...

7.5 CVSS | 7.9 AI score | 0.99999 EPSS
Exploits 20 | Affected Software 1

IBM Security Bulletins
added 2024/02/29 1:23 p.m. | 43 views

Security Bulletin: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Asset Management application (CVE-2023-44487, CVE-2022-41881, CVE-2022-41915, CVE-2021-42550, CVE-2023-34462, CVE-2023-6481 and CVE-2023-6378)

Summary: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Asset Management application CVE-2023-44487, CVE-2022-41881, CVE-2022-41915, CVE-2021-42550, CVE-2023-34462, CVE-2023-6481 and CVE-2023-6378. Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are...

8.5 CVSS | 8.6 AI score | 0.99999 EPSS
Exploits 23 | Affected Software 1

IBM Security Bulletins
added 2024/02/27 4:16 p.m. | 40 views

Security Bulletin: Netty-codec-http2 is vulnerable to CVE-2023-44487 used in IBM Maximo Application Suite - Monitor Component

Summary: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2 which is vulnerable to CVE-2023-44487. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of...

7.5 CVSS | 7.7 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1

OSV
added 2024/02/23 11:6 a.m. | 6 views

OESA-2024-1173 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the...

7.5 CVSS | 8.2 AI score | 0.99999 EPSS
Exploits 19 | References 2

IBM Security Bulletins
added 2024/02/15 4:16 a.m. | 48 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Scale (CVE-2023-46158, CVE-2023-44487)

Summary: There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could provide weaker than expected security due to improper resource expiration handling. Vulnerability Details: CVEID: CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Libert...

9.8 CVSS | 8.1 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1

Tenable Nessus
added 2024/02/08 12:0 a.m. | 79 views

Fortinet Fortigate CVE-2023-44487 - Rapid Reset HTTP/2 vulnerability (FG-IR-23-397)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-397 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits 19 | References 2

Tenable Nessus
added 2024/02/08 12:0 a.m. | 56 views

CentOS 8 : nghttp2 (CESA-2023:5837)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5837 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wi...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits 19 | References 2

Tenable Nessus
added 2024/02/08 12:0 a.m. | 56 views

EulerOS 2.0 SP5 : nginx (EulerOS-SA-2024-1154)

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits 19 | References 2

IBM Security Bulletins
added 2024/02/07 5:2 p.m. | 38 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. (CVE-2023-44487)

Summary: IBM PowerVM Novalink is vulnerable because multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RSTSTREAM frames over multiple streams, a remote attacker could exploit this...

7.5 CVSS | 7.9 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1

Tenable Nessus
added 2024/01/24 12:0 a.m. | 47 views

RHCOS 4 : OpenShift Container Platform 4.13.23 (RHSA-2023:7325)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7325 advisory. - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Note that Nessus has not test...

7.5 CVSS | 7.1 AI score | 0.99999 EPSS
Exploits 19 | References 6

Tenable Nessus
added 2024/01/24 12:0 a.m. | 42 views

RHCOS 4 : OpenShift Container Platform 4.11.54 (RHSA-2023:7481)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7481 advisory. - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Note that Nessus has not test...

7.5 CVSS | 7.1 AI score | 0.99999 EPSS
Exploits 19 | References 4

IBM Security Bulletins
added 2024/01/22 2:14 p.m. | 49 views

Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS TX Standard is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).

Summary: IBM WebSphere Liberty is used by IBM CICS TX Standard to provide a web based administration console CVE-2023-44487. Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/...

7.5 CVSS | 7.7 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1