CVE-2023-44487

Warnung

Medienbericht

Exploit

EPSS 94.44%
Veröffentlicht 10.10.2023 14:15:10
Zuletzt bearbeitet 11.06.2025 17:29:54
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 169

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ietf ≫ Http Version2.0

Nghttp2 ≫ Nghttp2 Version < 1.57.0

Netty ≫ Netty Version < 4.1.100

Envoyproxy ≫ Envoy Version1.24.10

Envoyproxy ≫ Envoy Version1.25.9

Envoyproxy ≫ Envoy Version1.26.4

Envoyproxy ≫ Envoy Version1.27.0

Eclipse ≫ Jetty Version < 9.4.53

Eclipse ≫ Jetty Version >= 10.0.0 < 10.0.17

Eclipse ≫ Jetty Version >= 11.0.0 < 11.0.17

Eclipse ≫ Jetty Version >= 12.0.0 < 12.0.2

Caddyserver ≫ Caddy Version < 2.7.5

Golang ≫ Go Version < 1.20.10

Golang ≫ Go Version >= 1.21.0 < 1.21.3

Golang ≫ Http2 SwPlatformgo Version < 0.17.0

Golang ≫ Networking SwPlatformgo Version < 0.17.0

F5 ≫ Big-ip Access Policy Manager Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Access Policy Manager Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Access Policy Manager Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Access Policy Manager Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Access Policy Manager Version17.1.0

F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Advanced Firewall Manager Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Advanced Firewall Manager Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Advanced Firewall Manager Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Advanced Firewall Manager Version17.1.0

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Advanced Web Application Firewall Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Advanced Web Application Firewall Version17.1.0

F5 ≫ Big-ip Analytics Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Analytics Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Analytics Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Analytics Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Analytics Version17.1.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Application Acceleration Manager Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Application Acceleration Manager Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Application Acceleration Manager Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Application Acceleration Manager Version17.1.0

F5 ≫ Big-ip Application Security Manager Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Application Security Manager Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Application Security Manager Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Application Security Manager Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Application Security Manager Version17.1.0

F5 ≫ Big-ip Application Visibility And Reporting Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Application Visibility And Reporting Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Application Visibility And Reporting Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Application Visibility And Reporting Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Application Visibility And Reporting Version17.1.0

F5 ≫ Big-ip Carrier-grade Nat Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Carrier-grade Nat Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Carrier-grade Nat Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Carrier-grade Nat Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Carrier-grade Nat Version17.1.0

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Ddos Hybrid Defender Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Ddos Hybrid Defender Version17.1.0

F5 ≫ Big-ip Domain Name System Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Domain Name System Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Domain Name System Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Domain Name System Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Domain Name System Version17.1.0

F5 ≫ Big-ip Fraud Protection Service Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Fraud Protection Service Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Fraud Protection Service Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Fraud Protection Service Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Fraud Protection Service Version17.1.0

F5 ≫ Big-ip Global Traffic Manager Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Global Traffic Manager Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Global Traffic Manager Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Global Traffic Manager Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Global Traffic Manager Version17.1.0

F5 ≫ Big-ip Link Controller Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Link Controller Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Link Controller Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Link Controller Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Link Controller Version17.1.0

F5 ≫ Big-ip Local Traffic Manager Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Local Traffic Manager Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Local Traffic Manager Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Local Traffic Manager Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Local Traffic Manager Version17.1.0

F5 ≫ Big-ip Next Version20.0.1

F5 ≫ Big-ip Next Service Proxy For Kubernetes Version >= 1.5.0 <= 1.8.2

F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Policy Enforcement Manager Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Policy Enforcement Manager Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Policy Enforcement Manager Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Policy Enforcement Manager Version17.1.0

F5 ≫ Big-ip Ssl Orchestrator Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Ssl Orchestrator Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Ssl Orchestrator Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Ssl Orchestrator Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Ssl Orchestrator Version17.1.0

F5 ≫ Big-ip Webaccelerator Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Webaccelerator Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Webaccelerator Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Webaccelerator Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Webaccelerator Version17.1.0

F5 ≫ Big-ip Websafe Version >= 13.1.0 <= 13.1.5

F5 ≫ Big-ip Websafe Version >= 14.1.0 <= 14.1.5

F5 ≫ Big-ip Websafe Version >= 15.1.0 <= 15.1.10

F5 ≫ Big-ip Websafe Version >= 16.1.0 <= 16.1.4

F5 ≫ Big-ip Websafe Version17.1.0

F5 ≫ Nginx Version >= 1.9.5 <= 1.25.2

F5 ≫ Nginx Ingress Controller Version >= 2.0.0 <= 2.4.2

F5 ≫ Nginx Ingress Controller Version >= 3.0.0 <= 3.3.0

F5 ≫ Nginx Plus Version >= r25 < r29

F5 ≫ Nginx Plus Versionr29 Update-

F5 ≫ Nginx Plus Versionr30 Update-

Apache ≫ Tomcat Version >= 8.5.0 <= 8.5.93

Apache ≫ Tomcat Version >= 9.0.0 <= 9.0.80

Apache ≫ Tomcat Version >= 10.1.0 <= 10.1.13

Apache ≫ Tomcat Version11.0.0 Updatemilestone1

Apache ≫ Tomcat Version11.0.0 Updatemilestone10

Apache ≫ Tomcat Version11.0.0 Updatemilestone11

Apache ≫ Tomcat Version11.0.0 Updatemilestone2

Apache ≫ Tomcat Version11.0.0 Updatemilestone3

Apache ≫ Tomcat Version11.0.0 Updatemilestone4

Apache ≫ Tomcat Version11.0.0 Updatemilestone5

Apache ≫ Tomcat Version11.0.0 Updatemilestone6

Apache ≫ Tomcat Version11.0.0 Updatemilestone7

Apache ≫ Tomcat Version11.0.0 Updatemilestone8

Apache ≫ Tomcat Version11.0.0 Updatemilestone9

Grpc ≫ Grpc SwPlatformgo Version < 1.56.3

Grpc ≫ Grpc SwPlatform- Version <= 1.59.2

Grpc ≫ Grpc SwPlatformgo Version >= 1.58.0 < 1.58.3

Grpc ≫ Grpc Version1.57.0 Update- SwPlatformgo

Microsoft ≫ .Net Version >= 6.0.0 < 6.0.23

Microsoft ≫ .Net Version >= 7.0.0 < 7.0.12

Microsoft ≫ Asp.Net Core Version >= 6.0.0 < 6.0.23

Microsoft ≫ Asp.Net Core Version >= 7.0.0 < 7.0.12

Microsoft ≫ Azure Kubernetes Service Version < 2023-10-08

Microsoft ≫ Visual Studio 2022 Version >= 17.0 < 17.2.20

Microsoft ≫ Visual Studio 2022 Version >= 17.4 < 17.4.12

Microsoft ≫ Visual Studio 2022 Version >= 17.6 < 17.6.8

Microsoft ≫ Visual Studio 2022 Version >= 17.7 < 17.7.5

Microsoft ≫ Windows 10 1607 HwPlatformx64 Version < 10.0.14393.6351

Microsoft ≫ Windows 10 1607 HwPlatformx86 Version < 10.0.14393.6351

Microsoft ≫ Windows 10 1809 Version < 10.0.17763.4974

Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.3570

Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.3570

Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.2538

Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.2428

Microsoft ≫ Windows Server 2016 Version-

Microsoft ≫ Windows Server 2019 Version-

Microsoft ≫ Windows Server 2022 Version-

Nodejs ≫ Node.Js Version >= 18.0.0 < 18.18.2

Nodejs ≫ Node.Js Version >= 20.0.0 < 20.8.1

Microsoft ≫ Cbl-mariner Version < 2023-10-11

Dena ≫ H2o Version < 2023-10-10

Facebook ≫ Proxygen Version < 2023.10.16.00

Apache ≫ Apisix Version < 3.6.1

Apache ≫ Traffic Server Version >= 8.0.0 < 8.1.9

Apache ≫ Traffic Server Version >= 9.0.0 < 9.2.3

Amazon ≫ Opensearch Data Prepper Version < 2.5.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Kazu-yamamoto ≫ Http2 Version < 4.2.2

Istio ≫ Istio Version < 1.17.6

Istio ≫ Istio Version >= 1.18.0 < 1.18.3

Istio ≫ Istio Version >= 1.19.0 < 1.19.1

Varnish Cache Project ≫ Varnish Cache Version < 2023-10-10

Traefik ≫ Traefik Version < 2.10.5

Traefik ≫ Traefik Version3.0.0 Updatebeta1

Traefik ≫ Traefik Version3.0.0 Updatebeta2

Traefik ≫ Traefik Version3.0.0 Updatebeta3

Projectcontour ≫ Contour SwPlatformkubernetes Version < 2023-10-11

Linkerd ≫ Linkerd SwEditionstable SwPlatformkubernetes Version >= 2.12.0 <= 2.12.5

Linkerd ≫ Linkerd Version2.13.0 SwEditionstable SwPlatformkubernetes

Linkerd ≫ Linkerd Version2.13.1 SwEditionstable SwPlatformkubernetes

Linkerd ≫ Linkerd Version2.14.0 SwEditionstable SwPlatformkubernetes

Linkerd ≫ Linkerd Version2.14.1 SwEditionstable SwPlatformkubernetes

Linecorp ≫ Armeria Version < 1.26.0

Redhat ≫ 3scale Api Management Platform Version2.0

Redhat ≫ Advanced Cluster Management For Kubernetes Version2.0

Redhat ≫ Advanced Cluster Security Version3.0

Redhat ≫ Advanced Cluster Security Version4.0

Redhat ≫ Ansible Automation Platform Version2.0

Redhat ≫ Build Of Optaplanner Version8.0

Redhat ≫ Build Of Quarkus Version-

Redhat ≫ Ceph Storage Version5.0

Redhat ≫ Cert-manager Operator For Red Hat Openshift Version-

Redhat ≫ Certification For Red Hat Enterprise Linux Version8.0

Redhat ≫ Certification For Red Hat Enterprise Linux Version9.0

Redhat ≫ Cost Management Version-

Redhat ≫ Cryostat Version2.0

Redhat ≫ Decision Manager Version7.0

Redhat ≫ Fence Agents Remediation Operator Version-

Redhat ≫ Integration Camel For Spring Boot Version-

Redhat ≫ Integration Camel K Version-

Redhat ≫ Integration Service Registry Version-

Redhat ≫ Jboss A-mq Version7

Redhat ≫ Jboss A-mq Streams Version-

Redhat ≫ Jboss Core Services Version-

Redhat ≫ Jboss Data Grid Version7.0.0

Redhat ≫ Jboss Enterprise Application Platform Version6.0.0

Redhat ≫ Jboss Enterprise Application Platform Version7.0.0

Redhat ≫ Jboss Fuse Version6.0.0

Redhat ≫ Jboss Fuse Version7.0.0

Redhat ≫ Logging Subsystem For Red Hat Openshift Version-

Redhat ≫ Machine Deletion Remediation Operator Version-

Redhat ≫ Migration Toolkit For Applications Version6.0

Redhat ≫ Migration Toolkit For Containers Version-

Redhat ≫ Migration Toolkit For Virtualization Version-

Redhat ≫ Network Observability Operator Version-

Redhat ≫ Node Healthcheck Operator Version-

Redhat ≫ Node Maintenance Operator Version-

Redhat ≫ Openshift Version- SwPlatformaws

Redhat ≫ Openshift Api For Data Protection Version-

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Openshift Container Platform Assisted Installer Version-

Redhat ≫ Openshift Data Science Version-

Redhat ≫ Openshift Dev Spaces Version-

Redhat ≫ Openshift Developer Tools And Services Version-

Redhat ≫ Openshift Distributed Tracing Version-

Redhat ≫ Openshift Gitops Version-

Redhat ≫ Openshift Pipelines Version-

Redhat ≫ Openshift Sandboxed Containers Version-

Redhat ≫ Openshift Secondary Scheduler Operator Version-

Redhat ≫ Openshift Serverless Version-

Redhat ≫ Openshift Service Mesh Version2.0

Redhat ≫ Openshift Virtualization Version4

Redhat ≫ Openstack Platform Version16.1

Redhat ≫ Openstack Platform Version16.2

Redhat ≫ Openstack Platform Version17.1

Redhat ≫ Process Automation Version7.0

Redhat ≫ Quay Version3.0.0

Redhat ≫ Run Once Duration Override Operator Version-

Redhat ≫ Satellite Version6.0

Redhat ≫ Self Node Remediation Operator Version-

Redhat ≫ Service Interconnect Version1.0

Redhat ≫ Single Sign-on Version7.0

Redhat ≫ Support For Spring Boot Version-

Redhat ≫ Web Terminal Version-

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Service Telemetry Framework Version1.5

Redhat ≫ Enterprise Linux Version8.0

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Netapp ≫ Astra Control Center Version-

Netapp ≫ Oncommand Insight Version-

Akka ≫ Http Server Version < 10.5.3

Konghq ≫ Kong Gateway SwEditionenterprise Version < 3.4.2

Jenkins ≫ Jenkins SwEditionlts Version <= 2.414.2

Jenkins ≫ Jenkins SwEdition- Version <= 2.427

Apache ≫ Solr Version < 9.4.0

Openresty ≫ Openresty Version < 1.21.4.3

Cisco ≫ Business Process Automation Version < 3.2.003.009

Cisco ≫ Connected Mobile Experiences Version < 11.1

Cisco ≫ Crosswork Data Gateway Version < 4.1.3

Cisco ≫ Crosswork Data Gateway Version >= 5.0.0 < 5.0.2

Cisco ≫ Crosswork Situation Manager Version-

Cisco ≫ Crosswork Zero Touch Provisioning Version < 6.0.0

Cisco ≫ Data Center Network Manager Version-

Cisco ≫ Enterprise Chat And Email Version-

Cisco ≫ Expressway Version < x14.3.3

Cisco ≫ Firepower Threat Defense Version < 7.4.2

Cisco ≫ Iot Field Network Director Version < 4.11.0

Cisco ≫ Prime Access Registrar Version < 9.3.3

Cisco ≫ Prime Cable Provisioning Version < 7.2.1

Cisco ≫ Prime Infrastructure Version < 3.10.4

Cisco ≫ Prime Network Registrar Version < 11.2

Cisco ≫ Secure Dynamic Attributes Connector Version < 2.2.0

Cisco ≫ Secure Malware Analytics Version < 2.19.2

Cisco ≫ Telepresence Video Communication Server Version < x14.3.3

Cisco ≫ Ultra Cloud Core - Policy Control Function Version < 2024.01.0

Cisco ≫ Ultra Cloud Core - Policy Control Function Version2024.01.0

Cisco ≫ Ultra Cloud Core - Serving Gateway Function Version < 2024.02.0

Cisco ≫ Ultra Cloud Core - Session Management Function Version < 2024.02.0

Cisco ≫ Unified Attendant Console Advanced Version-

Cisco ≫ Unified Contact Center Domain Manager Version-

Cisco ≫ Unified Contact Center Enterprise Version-

Cisco ≫ Unified Contact Center Enterprise - Live Data Server Version < 12.6.2

Cisco ≫ Unified Contact Center Management Portal Version-

Cisco ≫ Fog Director Version < 1.22

Cisco ≫ Ios Xe Version < 17.15.1

Cisco ≫ Ios Xr Version < 7.11.2

Cisco ≫ Secure Web Appliance Firmware Version < 15.1.0

Cisco ≫ Secure Web Appliance Version-

Cisco ≫ Nx-os Version < 10.2\(7\)

   Cisco ≫ Nexus 3016 Version-
   Cisco ≫ Nexus 3016q Version-
   Cisco ≫ Nexus 3048 Version-
   Cisco ≫ Nexus 3064 Version-
   Cisco ≫ Nexus 3064-32t Version-
   Cisco ≫ Nexus 3064-t Version-
   Cisco ≫ Nexus 3064-x Version-
   Cisco ≫ Nexus 3064t Version-
   Cisco ≫ Nexus 3064x Version-
   Cisco ≫ Nexus 3100 Version-
   Cisco ≫ Nexus 3100-v Version-
   Cisco ≫ Nexus 3100-z Version-
   Cisco ≫ Nexus 3100v Version-
   Cisco ≫ Nexus 31108pc-v Version-
   Cisco ≫ Nexus 31108pv-v Version-
   Cisco ≫ Nexus 31108tc-v Version-
   Cisco ≫ Nexus 31128pq Version-
   Cisco ≫ Nexus 3132c-z Version-
   Cisco ≫ Nexus 3132q Version-
   Cisco ≫ Nexus 3132q-v Version-
   Cisco ≫ Nexus 3132q-x Version-
   Cisco ≫ Nexus 3132q-xl Version-
   Cisco ≫ Nexus 3164q Version-
   Cisco ≫ Nexus 3172 Version-
   Cisco ≫ Nexus 3172pq Version-
   Cisco ≫ Nexus 3172pq-xl Version-
   Cisco ≫ Nexus 3172tq Version-
   Cisco ≫ Nexus 3172tq-32t Version-
   Cisco ≫ Nexus 3172tq-xl Version-
   Cisco ≫ Nexus 3200 Version-
   Cisco ≫ Nexus 3232 Version-
   Cisco ≫ Nexus 3232c Version-
   Cisco ≫ Nexus 3232c Version-
   Cisco ≫ Nexus 3264c-e Version-
   Cisco ≫ Nexus 3264q Version-
   Cisco ≫ Nexus 3400 Version-
   Cisco ≫ Nexus 3408-s Version-
   Cisco ≫ Nexus 34180yc Version-
   Cisco ≫ Nexus 34200yc-sm Version-
   Cisco ≫ Nexus 3432d-s Version-
   Cisco ≫ Nexus 3464c Version-
   Cisco ≫ Nexus 3500 Version-
   Cisco ≫ Nexus 3524 Version-
   Cisco ≫ Nexus 3524-x Version-
   Cisco ≫ Nexus 3524-xl Version-
   Cisco ≫ Nexus 3548 Version-
   Cisco ≫ Nexus 3548-x Version-
   Cisco ≫ Nexus 3548-xl Version-
   Cisco ≫ Nexus 3600 Version-
   Cisco ≫ Nexus 36180yc-r Version-
   Cisco ≫ Nexus 3636c-r Version-

Cisco ≫ Nx-os Version >= 10.3\(1\) < 10.3\(5\)

Cisco ≫ Nx-os Version >= 10.4\(1\) < 10.4\(2\)

Cisco ≫ Nx-os Version < 10.2\(7\)

   Cisco ≫ Nexus 9000v Version-
   Cisco ≫ Nexus 9200 Version-
   Cisco ≫ Nexus 9200yc Version-
   Cisco ≫ Nexus 92160yc-x Version-
   Cisco ≫ Nexus 92160yc Switch Version-
   Cisco ≫ Nexus 9221c Version-
   Cisco ≫ Nexus 92300yc Version-
   Cisco ≫ Nexus 92300yc Switch Version-
   Cisco ≫ Nexus 92304qc Version-
   Cisco ≫ Nexus 92304qc Switch Version-
   Cisco ≫ Nexus 9232e Version-
   Cisco ≫ Nexus 92348gc-x Version-
   Cisco ≫ Nexus 9236c Version-
   Cisco ≫ Nexus 9236c Switch Version-
   Cisco ≫ Nexus 9272q Version-
   Cisco ≫ Nexus 9272q Switch Version-
   Cisco ≫ Nexus 9300 Version-
   Cisco ≫ Nexus 93108tc-ex Version-
   Cisco ≫ Nexus 93108tc-ex-24 Version-
   Cisco ≫ Nexus 93108tc-ex Switch Version-
   Cisco ≫ Nexus 93108tc-fx Version-
   Cisco ≫ Nexus 93108tc-fx-24 Version-
   Cisco ≫ Nexus 93108tc-fx3h Version-
   Cisco ≫ Nexus 93108tc-fx3p Version-
   Cisco ≫ Nexus 93120tx Version-
   Cisco ≫ Nexus 93120tx Switch Version-
   Cisco ≫ Nexus 93128 Version-
   Cisco ≫ Nexus 93128tx Version-
   Cisco ≫ Nexus 93128tx Switch Version-
   Cisco ≫ Nexus 9316d-gx Version-
   Cisco ≫ Nexus 93180lc-ex Version-
   Cisco ≫ Nexus 93180lc-ex Switch Version-
   Cisco ≫ Nexus 93180tc-ex Version-
   Cisco ≫ Nexus 93180yc-ex Version-
   Cisco ≫ Nexus 93180yc-ex-24 Version-
   Cisco ≫ Nexus 93180yc-ex Switch Version-
   Cisco ≫ Nexus 93180yc-fx Version-
   Cisco ≫ Nexus 93180yc-fx-24 Version-
   Cisco ≫ Nexus 93180yc-fx3 Version-
   Cisco ≫ Nexus 93180yc-fx3h Version-
   Cisco ≫ Nexus 93180yc-fx3s Version-
   Cisco ≫ Nexus 93216tc-fx2 Version-
   Cisco ≫ Nexus 93240tc-fx2 Version-
   Cisco ≫ Nexus 93240yc-fx2 Version-
   Cisco ≫ Nexus 9332c Version-
   Cisco ≫ Nexus 9332d-gx2b Version-
   Cisco ≫ Nexus 9332d-h2r Version-
   Cisco ≫ Nexus 9332pq Version-
   Cisco ≫ Nexus 9332pq Switch Version-
   Cisco ≫ Nexus 93360yc-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2-e Version-
   Cisco ≫ Nexus 9336pq Version-
   Cisco ≫ Nexus 9336pq Aci Version-
   Cisco ≫ Nexus 9336pq Aci Spine Version-
   Cisco ≫ Nexus 9336pq Aci Spine Switch Version-
   Cisco ≫ Nexus 9348d-gx2a Version-
   Cisco ≫ Nexus 9348gc-fx3 Version-
   Cisco ≫ Nexus 9348gc-fxp Version-
   Cisco ≫ Nexus 93600cd-gx Version-
   Cisco ≫ Nexus 9364c Version-
   Cisco ≫ Nexus 9364c-gx Version-
   Cisco ≫ Nexus 9364d-gx2a Version-
   Cisco ≫ Nexus 9372px Version-
   Cisco ≫ Nexus 9372px-e Version-
   Cisco ≫ Nexus 9372px-e Switch Version-
   Cisco ≫ Nexus 9372px Switch Version-
   Cisco ≫ Nexus 9372tx Version-
   Cisco ≫ Nexus 9372tx-e Version-
   Cisco ≫ Nexus 9372tx-e Switch Version-
   Cisco ≫ Nexus 9372tx Switch Version-
   Cisco ≫ Nexus 9396px Version-
   Cisco ≫ Nexus 9396px Switch Version-
   Cisco ≫ Nexus 9396tx Version-
   Cisco ≫ Nexus 9396tx Switch Version-
   Cisco ≫ Nexus 9408 Version-
   Cisco ≫ Nexus 9432pq Version-
   Cisco ≫ Nexus 9500 Version-
   Cisco ≫ Nexus 9500 16-slot Version-
   Cisco ≫ Nexus 9500 4-slot Version-
   Cisco ≫ Nexus 9500 8-slot Version-
   Cisco ≫ Nexus 9500 Supervisor A Version-
   Cisco ≫ Nexus 9500 Supervisor B Version-
   Cisco ≫ Nexus 9500r Version-
   Cisco ≫ Nexus 9504 Version-
   Cisco ≫ Nexus 9504 Switch Version-
   Cisco ≫ Nexus 9508 Version-
   Cisco ≫ Nexus 9508 Switch Version-
   Cisco ≫ Nexus 9516 Version-
   Cisco ≫ Nexus 9516 Switch Version-
   Cisco ≫ Nexus 9536pq Version-
   Cisco ≫ Nexus 9636pq Version-
   Cisco ≫ Nexus 9716d-gx Version-
   Cisco ≫ Nexus 9736pq Version-
   Cisco ≫ Nexus 9800 Version-
   Cisco ≫ Nexus 9804 Version-
   Cisco ≫ Nexus 9808 Version-

Cisco ≫ Nx-os Version >= 10.3\(1\) < 10.3\(5\)

Cisco ≫ Nx-os Version >= 10.4\(1\) < 10.4\(2\)

10.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

HTTP/2 Rapid Reset Attack Vulnerability

Schwachstelle

HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.44%	1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://security.netapp.com/advisory/ntap-20240621-0006/

Third Party Advisory

Exploit

http://www.openwall.com/lists/oss-security/2023/10/18/8

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html

Mailing List

https://security.netapp.com/advisory/ntap-20240621-0007/

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html

Mailing List

https://security.gentoo.org/glsa/202311-09

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/

Mailing List

https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2023/dsa-5522

Vendor Advisory

Mailing List

https://www.debian.org/security/2023/dsa-5521

Vendor Advisory

Mailing List

https://www.debian.org/security/2023/dsa-5558

Third Party Advisory

Mailing List

https://www.debian.org/security/2023/dsa-5549

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/13/4

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/13/9

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/18/4

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/19/6

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/20/8

Third Party Advisory

Mailing List

https://access.redhat.com/security/cve/cve-2023-44487

Vendor Advisory

https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/

Third Party Advisory

Press/Media Coverage

https://aws.amazon.com/security/security-bulletins/AWS-2023-011/

Third Party Advisory

https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

Vendor Advisory

Technical Description

https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/

Third Party Advisory

Vendor Advisory

https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/

Vendor Advisory

https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack

Third Party Advisory

Press/Media Coverage

https://blog.vespa.ai/cve-2023-44487/

Vendor Advisory

https://bugzilla.proxmox.com/show_bug.cgi?id=4988

Third Party Advisory

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=2242803

Vendor Advisory

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=1216123

Vendor Advisory

Issue Tracking

https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9

Patch

Vendor Advisory

Mailing List

https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/

Vendor Advisory

Technical Description

https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack

Vendor Advisory

Technical Description

https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125

Vendor Advisory

https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715

Third Party Advisory

https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve

Broken Link

https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764

Vendor Advisory

https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088

Patch

Issue Tracking

https://github.com/Azure/AKS/issues/3947

Issue Tracking

https://github.com/Kong/kong/discussions/11741

Issue Tracking

https://github.com/advisories/GHSA-qppj-fm5r-hxr3

Vendor Advisory

https://github.com/advisories/GHSA-vx74-f528-fxqg

Patch

Vendor Advisory

Mitigation

https://github.com/advisories/GHSA-xpw8-rcwv-8f8p

Patch

Vendor Advisory

https://github.com/akka/akka-http/issues/4323

Issue Tracking

https://github.com/alibaba/tengine/issues/1872

Issue Tracking

https://github.com/apache/apisix/issues/10320

Issue Tracking

https://github.com/apache/httpd-site/pull/10

Issue Tracking

https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113

Product

https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2

Third Party Advisory

Product

https://github.com/apache/trafficserver/pull/10564

Patch

Issue Tracking

https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487

Vendor Advisory

https://github.com/bcdannyboy/CVE-2023-44487

Third Party Advisory

https://github.com/caddyserver/caddy/issues/5877

Vendor Advisory

Issue Tracking

https://github.com/caddyserver/caddy/releases/tag/v2.7.5

Third Party Advisory

Release Notes

https://github.com/dotnet/announcements/issues/277

Vendor Advisory

Issue Tracking

Mitigation

https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73

Product

Release Notes

https://github.com/eclipse/jetty.project/issues/10679

Issue Tracking

https://github.com/envoyproxy/envoy/pull/30055

Patch

Issue Tracking

https://github.com/etcd-io/etcd/issues/16740

Patch

Issue Tracking

https://github.com/facebook/proxygen/pull/466

Patch

Issue Tracking

https://github.com/golang/go/issues/63417

Issue Tracking

https://github.com/grpc/grpc-go/pull/6703

Patch

Issue Tracking

https://github.com/h2o/h2o/pull/3291

Patch

Issue Tracking

https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf

Vendor Advisory

https://github.com/haproxy/haproxy/issues/2312

Issue Tracking

https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244

Product

https://github.com/junkurihara/rust-rpxy/issues/97

Issue Tracking

https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1

Patch

https://github.com/kazu-yamamoto/http2/issues/93

Issue Tracking

https://github.com/kubernetes/kubernetes/pull/121120

Patch

Issue Tracking

https://github.com/line/armeria/pull/5232

Patch

Issue Tracking

https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632

Patch

https://github.com/micrictor/http2-rst-stream

Third Party Advisory

Exploit

https://github.com/microsoft/CBL-Mariner/pull/6381

Patch

Issue Tracking

https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61

Patch

https://github.com/nghttp2/nghttp2/pull/1961

Patch

Issue Tracking

https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0

Release Notes

https://github.com/ninenines/cowboy/issues/1615

Issue Tracking

https://github.com/nodejs/node/pull/50121

Issue Tracking

https://github.com/openresty/openresty/issues/930

Issue Tracking

https://github.com/opensearch-project/data-prepper/issues/3474

Patch

Issue Tracking

https://github.com/oqtane/oqtane.framework/discussions/3367

Issue Tracking

https://github.com/projectcontour/contour/pull/5826

Patch

Issue Tracking

https://github.com/tempesta-tech/tempesta/issues/1986

Issue Tracking

https://github.com/varnishcache/varnish-cache/issues/3996

Issue Tracking

https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo

Vendor Advisory

Mailing List

Release Notes

https://istio.io/latest/news/security/istio-security-2023-004/

Vendor Advisory

https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/

Vendor Advisory

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

Mailing List

https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html

Mailing List

https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html

Mailing List

https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html

Mailing List

https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/

Third Party Advisory

Mailing List

https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html

Third Party Advisory

Mailing List

https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html

Patch

Third Party Advisory

Mailing List

https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html

Third Party Advisory

https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/

Patch

Vendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487

Patch

Vendor Advisory

Mitigation

https://my.f5.com/manage/s/article/K000137106

Vendor Advisory

https://netty.io/news/2023/10/10/4-1-100-Final.html

Vendor Advisory

Release Notes

https://news.ycombinator.com/item?id=37830987

Issue Tracking

https://news.ycombinator.com/item?id=37830998

Issue Tracking

Press/Media Coverage

https://news.ycombinator.com/item?id=37831062

Issue Tracking

https://news.ycombinator.com/item?id=37837043

Issue Tracking

https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/

Third Party Advisory

https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected

Third Party Advisory

https://security.netapp.com/advisory/ntap-20231016-0001/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20240426-0007/

Third Party Advisory

https://security.paloaltonetworks.com/CVE-2023-44487

Vendor Advisory

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14

Release Notes

https://ubuntu.com/security/CVE-2023-44487

Vendor Advisory

https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/

Third Party Advisory

https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487

Third Party Advisory

US Government Resource

https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event

Third Party Advisory

Press/Media Coverage

https://www.debian.org/security/2023/dsa-5540

Third Party Advisory

Mailing List

https://www.debian.org/security/2023/dsa-5570

Third Party Advisory

https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487

Third Party Advisory

Vendor Advisory

https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/

Vendor Advisory

https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/

Vendor Advisory

Mitigation

https://www.openwall.com/lists/oss-security/2023/10/10/6

Third Party Advisory

Mailing List

https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack

Press/Media Coverage

https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/

Third Party Advisory

Press/Media Coverage

https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/10/6

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/10/7

Third Party Advisory

Mailing List

https://github.com/grpc/grpc/releases/tag/v1.59.2

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/

Mailing List

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-44487

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-44487

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-44487

EUVD