CVE-2023-44487

7.5

HIGH

HTTP/2 Rapid Reset Attack Vulnerability - [Actively Exploited]

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

INFO

Published Date :

Oct. 10, 2023, 2:15 p.m.

Last Modified :

Aug. 14, 2024, 7:57 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

3.9

CISA Notification

CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Due Date: Oct 31, 2023

Alert Date: Oct 10, 2023 | 342 days ago

Description :

HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

Public PoC/Exploit Available at Github

CVE-2023-44487 has a 55 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2023-44487 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Cisco	ios_xe
2	Cisco	expressway
3	Cisco	telepresence_video_communication_server
4	Cisco	nx-os
5	Cisco	enterprise_chat_and_email
6	Cisco	firepower_threat_defense
7	Cisco	ios_xr
8	Cisco	prime_access_registrar
9	Cisco	data_center_network_manager
10	Cisco	prime_infrastructure
11	Cisco	unified_contact_center_enterprise
12	Cisco	iot_field_network_director
13	Cisco	prime_network_registrar
14	Cisco	connected_mobile_experiences
15	Cisco	unified_contact_center_management_portal
16	Cisco	crosswork_data_gateway
17	Cisco	crosswork_zero_touch_provisioning
18	Cisco	nexus_3016q
19	Cisco	nexus_3048
20	Cisco	nexus_3064t
21	Cisco	nexus_3064x
22	Cisco	nexus_3548
23	Cisco	prime_cable_provisioning
24	Cisco	secure_dynamic_attributes_connector
25	Cisco	secure_malware_analytics
26	Cisco	ultra_cloud_core_-_policy_control_function
27	Cisco	ultra_cloud_core_-_serving_gateway_function
28	Cisco	ultra_cloud_core_-_session_management_function
29	Cisco	unified_attendant_console_advanced
30	Cisco	unified_contact_center_domain_manager
31	Cisco	unified_contact_center_enterprise_-_live_data_server
32	Cisco	fog_director
33	Cisco	secure_web_appliance_firmware
34	Cisco	secure_web_appliance
35	Cisco	nexus_3016
36	Cisco	nexus_3064
37	Cisco	nexus_3064-32t
38	Cisco	nexus_3064-t
39	Cisco	nexus_3064-x
40	Cisco	nexus_3100
41	Cisco	nexus_3100-v
42	Cisco	nexus_3100-z
43	Cisco	nexus_3100v
44	Cisco	nexus_31108pc-v
45	Cisco	nexus_31108pv-v
46	Cisco	nexus_31108tc-v
47	Cisco	nexus_31128pq
48	Cisco	nexus_3132c-z
49	Cisco	nexus_3132q
50	Cisco	nexus_3132q-v
51	Cisco	nexus_3132q-x
52	Cisco	nexus_3132q-x\/3132q-xl
53	Cisco	nexus_3132q-xl
54	Cisco	nexus_3164q
55	Cisco	nexus_3172
56	Cisco	nexus_3172pq
57	Cisco	nexus_3172pq-xl
58	Cisco	nexus_3172pq\/pq-xl
59	Cisco	nexus_3172tq
60	Cisco	nexus_3172tq-32t
61	Cisco	nexus_3172tq-xl
62	Cisco	nexus_3200
63	Cisco	nexus_3232
64	Cisco	nexus_3232c
65	Cisco	nexus_3232c_
66	Cisco	nexus_3264c-e
67	Cisco	nexus_3264q
68	Cisco	nexus_3400
69	Cisco	nexus_3408-s
70	Cisco	nexus_34180yc
71	Cisco	nexus_34200yc-sm
72	Cisco	nexus_3432d-s
73	Cisco	nexus_3464c
74	Cisco	nexus_3500
75	Cisco	nexus_3524
76	Cisco	nexus_3524-x
77	Cisco	nexus_3524-x\/xl
78	Cisco	nexus_3524-xl
79	Cisco	nexus_3548-x
80	Cisco	nexus_3548-x\/xl
81	Cisco	nexus_3548-xl
82	Cisco	nexus_3600
83	Cisco	nexus_36180yc-r
84	Cisco	nexus_3636c-r
85	Cisco	nexus_9000v
86	Cisco	nexus_9200
87	Cisco	nexus_9200yc
88	Cisco	nexus_92160yc-x
89	Cisco	nexus_92160yc_switch
90	Cisco	nexus_9221c
91	Cisco	nexus_92300yc
92	Cisco	nexus_92300yc_switch
93	Cisco	nexus_92304qc
94	Cisco	nexus_92304qc_switch
95	Cisco	nexus_9232e
96	Cisco	nexus_92348gc-x
97	Cisco	nexus_9236c
98	Cisco	nexus_9236c_switch
99	Cisco	nexus_9272q
100	Cisco	nexus_9272q_switch
101	Cisco	nexus_9300
102	Cisco	nexus_93108tc-ex
103	Cisco	nexus_93108tc-ex-24
104	Cisco	nexus_93108tc-ex_switch
105	Cisco	nexus_93108tc-fx
106	Cisco	nexus_93108tc-fx-24
107	Cisco	nexus_93108tc-fx3h
108	Cisco	nexus_93108tc-fx3p
109	Cisco	nexus_93120tx
110	Cisco	nexus_93120tx_switch
111	Cisco	nexus_93128
112	Cisco	nexus_93128tx
113	Cisco	nexus_93128tx_switch
114	Cisco	nexus_9316d-gx
115	Cisco	nexus_93180lc-ex
116	Cisco	nexus_93180lc-ex_switch
117	Cisco	nexus_93180tc-ex
118	Cisco	nexus_93180yc-ex
119	Cisco	nexus_93180yc-ex-24
120	Cisco	nexus_93180yc-ex_switch
121	Cisco	nexus_93180yc-fx
122	Cisco	nexus_93180yc-fx-24
123	Cisco	nexus_93180yc-fx3
124	Cisco	nexus_93180yc-fx3h
125	Cisco	nexus_93180yc-fx3s
126	Cisco	nexus_93216tc-fx2
127	Cisco	nexus_93240tc-fx2
128	Cisco	nexus_93240yc-fx2
129	Cisco	nexus_9332c
130	Cisco	nexus_9332d-gx2b
131	Cisco	nexus_9332d-h2r
132	Cisco	nexus_9332pq
133	Cisco	nexus_9332pq_switch
134	Cisco	nexus_93360yc-fx2
135	Cisco	nexus_9336c-fx2
136	Cisco	nexus_9336c-fx2-e
137	Cisco	nexus_9336pq
138	Cisco	nexus_9336pq_aci
139	Cisco	nexus_9336pq_aci_spine
140	Cisco	nexus_9336pq_aci_spine_switch
141	Cisco	nexus_9348d-gx2a
142	Cisco	nexus_9348gc-fx3
143	Cisco	nexus_9348gc-fxp
144	Cisco	nexus_93600cd-gx
145	Cisco	nexus_9364c
146	Cisco	nexus_9364c-gx
147	Cisco	nexus_9364d-gx2a
148	Cisco	nexus_9372px
149	Cisco	nexus_9372px-e
150	Cisco	nexus_9372px-e_switch
151	Cisco	nexus_9372px_switch
152	Cisco	nexus_9372tx
153	Cisco	nexus_9372tx-e
154	Cisco	nexus_9372tx-e_switch
155	Cisco	nexus_9372tx_switch
156	Cisco	nexus_9396px
157	Cisco	nexus_9396px_switch
158	Cisco	nexus_9396tx
159	Cisco	nexus_9396tx_switch
160	Cisco	nexus_9408
161	Cisco	nexus_9432pq
162	Cisco	nexus_9500
163	Cisco	nexus_9500_16-slot
164	Cisco	nexus_9500_4-slot
165	Cisco	nexus_9500_8-slot
166	Cisco	nexus_9500_supervisor_a
167	Cisco	nexus_9500_supervisor_a\+
168	Cisco	nexus_9500_supervisor_b
169	Cisco	nexus_9500_supervisor_b\+
170	Cisco	nexus_9500r
171	Cisco	nexus_9504
172	Cisco	nexus_9504_switch
173	Cisco	nexus_9508
174	Cisco	nexus_9508_switch
175	Cisco	nexus_9516
176	Cisco	nexus_9516_switch
177	Cisco	nexus_9536pq
178	Cisco	nexus_9636pq
179	Cisco	nexus_9716d-gx
180	Cisco	nexus_9736pq
181	Cisco	nexus_9800
182	Cisco	nexus_9804
183	Cisco	nexus_9808
1	Redhat	enterprise_linux
2	Redhat	openshift_container_platform
3	Redhat	satellite
4	Redhat	ceph_storage
5	Redhat	openshift
6	Redhat	jboss_data_grid
7	Redhat	jboss_enterprise_application_platform
8	Redhat	decision_manager
9	Redhat	single_sign-on
10	Redhat	jboss_core_services
11	Redhat	openstack_platform
12	Redhat	openshift_service_mesh
13	Redhat	jboss_fuse
14	Redhat	jboss_a-mq
15	Redhat	process_automation
16	Redhat	build_of_quarkus
17	Redhat	integration_camel_k
18	Redhat	integration_service_registry
19	Redhat	advanced_cluster_management_for_kubernetes
20	Redhat	quay
21	Redhat	openshift_data_science
22	Redhat	build_of_optaplanner
23	Redhat	openshift_serverless
24	Redhat	openshift_virtualization
25	Redhat	integration_camel_for_spring_boot
26	Redhat	migration_toolkit_for_applications
27	Redhat	ansible_automation_platform
28	Redhat	3scale_api_management_platform
29	Redhat	advanced_cluster_security
30	Redhat	service_interconnect
31	Redhat	openshift_gitops
32	Redhat	openshift_pipelines
33	Redhat	openshift_developer_tools_and_services
34	Redhat	openshift_api_for_data_protection
35	Redhat	openshift_dev_spaces
36	Redhat	cert-manager_operator_for_red_hat_openshift
37	Redhat	certification_for_red_hat_enterprise_linux
38	Redhat	cost_management
39	Redhat	cryostat
40	Redhat	fence_agents_remediation_operator
41	Redhat	jboss_a-mq_streams
42	Redhat	logging_subsystem_for_red_hat_openshift
43	Redhat	machine_deletion_remediation_operator
44	Redhat	migration_toolkit_for_containers
45	Redhat	migration_toolkit_for_virtualization
46	Redhat	network_observability_operator
47	Redhat	node_healthcheck_operator
48	Redhat	node_maintenance_operator
49	Redhat	openshift_container_platform_assisted_installer
50	Redhat	openshift_distributed_tracing
51	Redhat	openshift_sandboxed_containers
52	Redhat	openshift_secondary_scheduler_operator
53	Redhat	run_once_duration_override_operator
54	Redhat	self_node_remediation_operator
55	Redhat	support_for_spring_boot
56	Redhat	web_terminal
57	Redhat	service_telemetry_framework
1	F5	big-ip_access_policy_manager
2	F5	big-ip_advanced_firewall_manager
3	F5	big-ip_analytics
4	F5	big-ip_application_acceleration_manager
5	F5	big-ip_application_security_manager
6	F5	big-ip_domain_name_system
7	F5	big-ip_fraud_protection_service
8	F5	big-ip_global_traffic_manager
9	F5	big-ip_link_controller
10	F5	big-ip_local_traffic_manager
11	F5	big-ip_policy_enforcement_manager
12	F5	big-ip_advanced_web_application_firewall
13	F5	big-ip_ddos_hybrid_defender
14	F5	big-ip_ssl_orchestrator
15	F5	big-ip_websafe
16	F5	big-ip_webaccelerator
17	F5	big-ip_carrier-grade_nat
18	F5	nginx
19	F5	big-ip_application_visibility_and_reporting
20	F5	big-ip_next_service_proxy_for_kubernetes
21	F5	nginx_ingress_controller
22	F5	nginx_plus
23	F5	big-ip_next
1	Microsoft	windows_server_2016
2	Microsoft	asp.net_core
3	Microsoft	windows_server_2019
4	Microsoft	windows_10_1607
5	Microsoft	windows_10_1809
6	Microsoft	windows_10_21h2
7	Microsoft	windows_10_22h2
8	Microsoft	windows_server_2022
9	Microsoft	windows_11_21h2
10	Microsoft	windows_11_22h2
11	Microsoft	.net
12	Microsoft	azure_kubernetes_service
13	Microsoft	visual_studio_2022
14	Microsoft	cbl-mariner
1	Apache	traffic_server
2	Apache	solr
3	Apache	tomcat
4	Apache	apisix
1	Golang	go
2	Golang	networking
3	Golang	http2
1	Netapp	oncommand_insight
2	Netapp	astra_control_center
1	Netty	netty
1	Fedoraproject	fedora
1	Debian	debian_linux
1	Envoyproxy	envoy
1	Istio	istio
1	Nodejs	node.js
1	Jenkins	jenkins
1	Eclipse	jetty
1	Varnish_cache_project	varnish_cache
1	Grpc	grpc
1	Traefik	traefik
1	Nghttp2	nghttp2
1	Dena	h2o
1	Linecorp	armeria
1	Akka	http_server
1	Facebook	proxygen
1	Projectcontour	contour
1	Caddyserver	caddy
1	Openresty	openresty
1	Konghq	kong_gateway
1	Apple	swiftnio_http\/2
1	Ietf	http
1	Amazon	opensearch_data_prepper
1	Kazu-yamamoto	http2
1	Linkerd	linkerd

: Total Affected Vendor : 32 | Products : 311

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-44487.

URL	Resource
http://www.openwall.com/lists/oss-security/2023/10/13/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/9	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/19/6	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8	Mailing List
https://access.redhat.com/security/cve/cve-2023-44487	Vendor Advisory
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/	Press/Media Coverage Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/	Third Party Advisory
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/	Technical Description Vendor Advisory
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/	Vendor Advisory
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/	Vendor Advisory
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack	Press/Media Coverage Third Party Advisory
https://blog.vespa.ai/cve-2023-44487/	Vendor Advisory
https://bugzilla.proxmox.com/show_bug.cgi?id=4988	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	Issue Tracking Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1216123	Issue Tracking Vendor Advisory
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9	Mailing List Patch Vendor Advisory
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/	Technical Description Vendor Advisory
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack	Technical Description Vendor Advisory
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125	Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715	Third Party Advisory
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve	Technical Description Third Party Advisory
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764	Vendor Advisory
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088	Third Party Advisory
https://github.com/Azure/AKS/issues/3947	Issue Tracking Vendor Advisory
https://github.com/Kong/kong/discussions/11741	Issue Tracking Vendor Advisory
https://github.com/advisories/GHSA-qppj-fm5r-hxr3	Vendor Advisory
https://github.com/advisories/GHSA-vx74-f528-fxqg	Mitigation Patch Vendor Advisory
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p	Patch Vendor Advisory
https://github.com/akka/akka-http/issues/4323	Issue Tracking Vendor Advisory
https://github.com/alibaba/tengine/issues/1872	Issue Tracking Vendor Advisory
https://github.com/apache/apisix/issues/10320	Issue Tracking Vendor Advisory
https://github.com/apache/httpd-site/pull/10	Issue Tracking Vendor Advisory
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113	Product Third Party Advisory
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2	Product Third Party Advisory
https://github.com/apache/trafficserver/pull/10564	Patch Vendor Advisory
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487	Vendor Advisory
https://github.com/bcdannyboy/CVE-2023-44487	Third Party Advisory
https://github.com/caddyserver/caddy/issues/5877	Issue Tracking Vendor Advisory
https://github.com/caddyserver/caddy/releases/tag/v2.7.5	Release Notes Third Party Advisory
https://github.com/dotnet/announcements/issues/277	Mitigation Vendor Advisory
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73	Product Release Notes Vendor Advisory
https://github.com/eclipse/jetty.project/issues/10679	Issue Tracking Vendor Advisory
https://github.com/envoyproxy/envoy/pull/30055	Patch Vendor Advisory
https://github.com/etcd-io/etcd/issues/16740	Issue Tracking Patch Vendor Advisory
https://github.com/facebook/proxygen/pull/466	Patch Vendor Advisory
https://github.com/golang/go/issues/63417	Issue Tracking Vendor Advisory
https://github.com/grpc/grpc-go/pull/6703	Patch Vendor Advisory
https://github.com/h2o/h2o/pull/3291	Patch Third Party Advisory
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf	Vendor Advisory
https://github.com/haproxy/haproxy/issues/2312	Issue Tracking Vendor Advisory
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244	Product Vendor Advisory
https://github.com/junkurihara/rust-rpxy/issues/97	Issue Tracking Vendor Advisory
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1	Patch Third Party Advisory
https://github.com/kazu-yamamoto/http2/issues/93	Issue Tracking Third Party Advisory
https://github.com/kubernetes/kubernetes/pull/121120	Patch Vendor Advisory
https://github.com/line/armeria/pull/5232	Issue Tracking Patch Vendor Advisory
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632	Vendor Advisory
https://github.com/micrictor/http2-rst-stream	Exploit Third Party Advisory
https://github.com/microsoft/CBL-Mariner/pull/6381	Patch Vendor Advisory
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61	Patch Vendor Advisory
https://github.com/nghttp2/nghttp2/pull/1961	Patch Vendor Advisory
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0	Release Notes Third Party Advisory
https://github.com/ninenines/cowboy/issues/1615	Issue Tracking Vendor Advisory
https://github.com/nodejs/node/pull/50121	Vendor Advisory
https://github.com/openresty/openresty/issues/930	Issue Tracking Vendor Advisory
https://github.com/opensearch-project/data-prepper/issues/3474	Issue Tracking Patch Vendor Advisory
https://github.com/oqtane/oqtane.framework/discussions/3367	Issue Tracking Vendor Advisory
https://github.com/projectcontour/contour/pull/5826	Issue Tracking Patch Vendor Advisory
https://github.com/tempesta-tech/tempesta/issues/1986	Issue Tracking Vendor Advisory
https://github.com/varnishcache/varnish-cache/issues/3996	Issue Tracking Vendor Advisory
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo	Mailing List Vendor Advisory
https://istio.io/latest/news/security/istio-security-2023-004/	Vendor Advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/	Vendor Advisory
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q	Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/	Mailing List Third Party Advisory
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html	Mailing List Third Party Advisory
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html	Mailing List Patch Third Party Advisory
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html	Third Party Advisory
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/	Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487	Mitigation Patch Vendor Advisory
https://my.f5.com/manage/s/article/K000137106	Vendor Advisory
https://netty.io/news/2023/10/10/4-1-100-Final.html	Release Notes Vendor Advisory
https://news.ycombinator.com/item?id=37830987	Issue Tracking Third Party Advisory
https://news.ycombinator.com/item?id=37830998	Issue Tracking Press/Media Coverage
https://news.ycombinator.com/item?id=37831062	Issue Tracking Third Party Advisory
https://news.ycombinator.com/item?id=37837043	Issue Tracking
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/	Third Party Advisory
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected	Third Party Advisory
https://security.gentoo.org/glsa/202311-09	Third Party Advisory
https://security.netapp.com/advisory/ntap-20231016-0001/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240426-0007/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0007/	Third Party Advisory
https://security.paloaltonetworks.com/CVE-2023-44487	Vendor Advisory
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14	Release Notes Vendor Advisory
https://ubuntu.com/security/CVE-2023-44487	Vendor Advisory
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/	Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487	Third Party Advisory US Government Resource
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event	Press/Media Coverage Third Party Advisory
https://www.debian.org/security/2023/dsa-5521	Vendor Advisory
https://www.debian.org/security/2023/dsa-5522	Vendor Advisory
https://www.debian.org/security/2023/dsa-5540	Third Party Advisory
https://www.debian.org/security/2023/dsa-5549	Third Party Advisory
https://www.debian.org/security/2023/dsa-5558	Third Party Advisory
https://www.debian.org/security/2023/dsa-5570	Third Party Advisory
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487	Vendor Advisory
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/	Vendor Advisory
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/	Mitigation Vendor Advisory
https://www.openwall.com/lists/oss-security/2023/10/10/6	Mailing List Third Party Advisory
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack	Press/Media Coverage
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/	Press/Media Coverage Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

abegorov/linux10

None

Shell

Updated: 1 month, 1 week ago

0 stars 0 fork 0 watcher

Born at : Aug. 2, 2024, 7:36 p.m. This repo has been linked 1 different CVEs too.

Green-Ace/test

практика

Updated: 1 month ago

0 stars 0 fork 0 watcher

Born at : Aug. 1, 2024, 11:31 a.m. This repo has been linked 1 different CVEs too.

glkfc/CVE_Reproduce

Some information about the process of CVE recurrence

Updated: 1 month, 1 week ago

1 stars 0 fork 0 watcher

Born at : July 19, 2024, 12:30 p.m. This repo has been linked 4 different CVEs too.

h4ckm1n-dev/report-test

None

Updated: 3 weeks, 4 days ago

0 stars 0 fork 0 watcher

Born at : July 5, 2024, 2:18 p.m. This repo has been linked 40 different CVEs too.

xLanStar/http2-rapid-reset-test

None

Python JavaScript

Updated: 3 months, 2 weeks ago

0 stars 0 fork 0 watcher

Born at : May 29, 2024, 8:03 p.m. This repo has been linked 1 different CVEs too.

testing-felickz/docker-scout-demo

None

Dockerfile Go

Updated: 3 months, 2 weeks ago

0 stars 0 fork 0 watcher

Born at : May 29, 2024, 6:54 p.m. This repo has been linked 78 different CVEs too.

sn130hk/CVE-2023-44487

None

Updated: 3 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : May 26, 2024, 1:01 p.m. This repo has been linked 1 different CVEs too.

0xMarcio/cve

Latest CVEs with their Proof of Concept exploits.

Python

Updated: 1 week, 1 day ago

5 stars 1 fork 1 watcher

Born at : May 24, 2024, 11:02 a.m. This repo has been linked 78 different CVEs too.

TYuan0816/cve-2023-44487

None

Updated: 4 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : April 22, 2024, 8:56 a.m. This repo has been linked 1 different CVEs too.

fankun99/baicuan

百川，一个被动信息收集及数据融合工具。支持对多个网络空间搜索引擎进行本地查询、数据融合、IP聚合、搜索引擎化展示。

Batchfile Python

Updated: 1 week, 3 days ago

44 stars 6 fork 6 watcher

Born at : March 31, 2024, 6:55 a.m. This repo has been linked 1 different CVEs too.

kobutton/redhat-cve-fix-checker

None

Python

Updated: 5 months ago

2 stars 1 fork 1 watcher

Born at : March 28, 2024, 7:23 p.m. This repo has been linked 2 different CVEs too.

malinkamedok/devops_sandbox

Docker image with installed Go and Python made for checking student works at DevOps course

Python Dockerfile Shell

Updated: 2 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : March 27, 2024, 11:02 p.m. This repo has been linked 5 different CVEs too.

nics-tw/sbom2vans

SBOM2VANS工具，此工具協助轉換 SBOM 文件符合 VANS 格式，呼叫 OSV API 查詢資料庫確認組件是否有已知的安全漏洞，並使用 NVD API 查詢已知漏洞對應 CPE 格式，若無 CVE 或 CPE 格式元件則會以 package-url 格式儲存，最後將 SBOM 內套件轉轉換符合 VANS 格式欄位進行上傳。本專案於 GitHub 以開源專案釋出。有任何數位韌性相關問題，歡迎來電至國家資通安全研究院前瞻中心架構設計組 02-6631-1881 詢問!

digital-resilience resilience sbom vans

Updated: 2 months ago

1 stars 0 fork 0 watcher

Born at : March 26, 2024, 3:20 a.m. This repo has been linked 10 different CVEs too.

Dzmitry-Basiachenka/dist-foreign-aliakh

None

SCSS Mustache

Updated: 6 months ago

0 stars 0 fork 0 watcher

Born at : March 11, 2024, 8:53 a.m. This repo has been linked 52 different CVEs too.

knabben/dos-poc

Golang DDoS CVE POC

Go Dockerfile Makefile

Updated: 3 months, 3 weeks ago

5 stars 2 fork 2 watcher

Born at : March 3, 2024, 12:41 p.m. This repo has been linked 4 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-44487 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-44487 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Modified Analysis by [email protected]

Aug. 14, 2024

Action Type Old Value New Value

Removed CWE NIST CWE-400

Added CWE NIST NVD-CWE-noinfo
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Aug. 01, 2024

Action Type Old Value New Value

Added CWE CISA-ADP CWE-400

Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Action	Type	Old Value	New Value
Removed	CWE	NIST CWE-400
Added	CWE		NIST NVD-CWE-noinfo

Action	Type	Old Value	New Value
Added	CWE		CISA-ADP CWE-400
Added	CVSS V3.1		CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Modified Analysis by [email protected]

Jun. 27, 2024

Action	Type	Old Value	New Value
Changed	Reference Type	https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Vendor Advisory	https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20240426-0007/ No Types Assigned	https://security.netapp.com/advisory/ntap-20240426-0007/ Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20240621-0006/ No Types Assigned	https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20240621-0007/ No Types Assigned	https://security.netapp.com/advisory/ntap-20240621-0007/ Third Party Advisory
Changed	CPE Configuration	OR cpe:2.3:a:netapp:astra_control_center:-:::::::	OR cpe:2.3:a:netapp:astra_control_center:-::::::: cpe:2.3:a:netapp:oncommand_insight:-:::::::

Action	Type	Old Value	New Value
Added	Reference		MITRE https://security.netapp.com/advisory/ntap-20240621-0006/ [No types assigned]
Added	Reference		MITRE https://security.netapp.com/advisory/ntap-20240621-0007/ [No types assigned]

Action	Type	New Value
Added	CPE Configuration	OR cpe:2.3:a:cisco:connected_mobile_experiences::::::::* versions up to (excluding) 11.1 cpe:2.3:a:cisco:crosswork_data_gateway::::::::* versions up to (excluding) 4.1.3 cpe:2.3:a:cisco:crosswork_data_gateway:5.0::::::: cpe:2.3:a:cisco:crosswork_zero_touch_provisioning::::::::* versions up to (excluding) 6.0.0 cpe:2.3:a:cisco:data_center_network_manager:-::::::: cpe:2.3:a:cisco:enterprise_chat_and_email:-::::::: cpe:2.3:a:cisco:expressway::::::::* versions up to (excluding) x14.3.3 cpe:2.3:a:cisco:firepower_threat_defense::::::::* versions up to (excluding) 7.4.2 cpe:2.3:a:cisco:iot_field_network_director::::::::* versions up to (excluding) 4.11.0 cpe:2.3:a:cisco:prime_access_registrar::::::::* versions up to (excluding) 9.3.3 cpe:2.3:a:cisco:prime_cable_provisioning::::::::* versions up to (excluding) 7.2.1 cpe:2.3:a:cisco:prime_infrastructure::::::::* versions up to (excluding) 3.10.4 cpe:2.3:a:cisco:prime_network_registrar::::::::* versions up to (excluding) 11.2 cpe:2.3:a:cisco:secure_dynamic_attributes_connector::::::::* versions up to (excluding) 2.2.0 cpe:2.3:a:cisco:secure_malware_analytics::::::::* versions up to (excluding) 2.19.2 cpe:2.3:a:cisco:telepresence_video_communication_server::::::::* versions up to (excluding) x14.3.3 cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function::::::::* versions up to (excluding) 2024.01.0 cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0::::::: cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function::::::::* versions up to (excluding) 2024.02.0 cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function::::::::* versions up to (excluding) 2024.02.0 cpe:2.3:a:cisco:unified_attendant_console_advanced:-::::::: cpe:2.3:a:cisco:unified_contact_center_domain_manager:-::::::: cpe:2.3:a:cisco:unified_contact_center_enterprise:-::::::: cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server::::::::* versions up to (excluding) 12.6.2 cpe:2.3:a:cisco:unified_contact_center_management_portal:-::::::: cpe:2.3:o:cisco:fog_director::::::::* versions up to (excluding) 1.22 cpe:2.3:o:cisco:ios_xe::::::::* versions up to (excluding) 17.15.1 cpe:2.3:o:cisco:ios_xr::::::::* versions up to (excluding) 7.11.2
Added	CPE Configuration	AND OR cpe:2.3:o:cisco:secure_web_appliance_firmware::::::::* versions up to (excluding) 15.1.0 OR cpe:2.3:h:cisco:secure_web_appliance:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:cisco:nx-os::::::::* versions up to (excluding) 10.2\(7\) cpe:2.3:o:cisco:nx-os::::::::* versions from (including) 10.3\(1\) up to (excluding) 10.3\(5\) OR cpe:2.3:h:cisco:nexus_3016:-:::::::* cpe:2.3:h:cisco:nexus_3016q:-:::::::* cpe:2.3:h:cisco:nexus_3048:-:::::::* cpe:2.3:h:cisco:nexus_3064:-:::::::* cpe:2.3:h:cisco:nexus_3064-32t:-:::::::* cpe:2.3:h:cisco:nexus_3064-t:-:::::::* cpe:2.3:h:cisco:nexus_3064-x:-:::::::* cpe:2.3:h:cisco:nexus_3064t:-:::::::* cpe:2.3:h:cisco:nexus_3064x:-:::::::* cpe:2.3:h:cisco:nexus_3100:-:::::::* cpe:2.3:h:cisco:nexus_3100-v:-:::::::* cpe:2.3:h:cisco:nexus_3100-z:-:::::::* cpe:2.3:h:cisco:nexus_3100v:-:::::::* cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::* cpe:2.3:h:cisco:nexus_31108pv-v:-:::::::* cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::* cpe:2.3:h:cisco:nexus_31128pq:-:::::::* cpe:2.3:h:cisco:nexus_3132c-z:-:::::::* cpe:2.3:h:cisco:nexus_3132q:-:::::::* cpe:2.3:h:cisco:nexus_3132q-v:-:::::::* cpe:2.3:h:cisco:nexus_3132q-x:-:::::::* cpe:2.3:h:cisco:nexus_3132q-x\/3132q-xl:-:::::::* cpe:2.3:h:cisco:nexus_3132q-xl:-:::::::* cpe:2.3:h:cisco:nexus_3164q:-:::::::* cpe:2.3:h:cisco:nexus_3172:-:::::::* cpe:2.3:h:cisco:nexus_3172pq:-:::::::* cpe:2.3:h:cisco:nexus_3172pq-xl:-:::::::* cpe:2.3:h:cisco:nexus_3172pq\/pq-xl:-:::::::* cpe:2.3:h:cisco:nexus_3172tq:-:::::::* cpe:2.3:h:cisco:nexus_3172tq-32t:-:::::::* cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::* cpe:2.3:h:cisco:nexus_3200:-:::::::* cpe:2.3:h:cisco:nexus_3232:-:::::::* cpe:2.3:h:cisco:nexus_3232c:-:::::::* cpe:2.3:h:cisco:nexus_3232c_:-:::::::* cpe:2.3:h:cisco:nexus_3264c-e:-:::::::* cpe:2.3:h:cisco:nexus_3264q:-:::::::* cpe:2.3:h:cisco:nexus_3400:-:::::::* cpe:2.3:h:cisco:nexus_3408-s:-:::::::* cpe:2.3:h:cisco:nexus_34180yc:-:::::::* cpe:2.3:h:cisco:nexus_34200yc-sm:-:::::::* cpe:2.3:h:cisco:nexus_3432d-s:-:::::::* cpe:2.3:h:cisco:nexus_3464c:-:::::::* cpe:2.3:h:cisco:nexus_3500:-:::::::* cpe:2.3:h:cisco:nexus_3524:-:::::::* cpe:2.3:h:cisco:nexus_3524-x:-:::::::* cpe:2.3:h:cisco:nexus_3524-x\/xl:-:::::::* cpe:2.3:h:cisco:nexus_3524-xl:-:::::::* cpe:2.3:h:cisco:nexus_3548:-:::::::* cpe:2.3:h:cisco:nexus_3548-x:-:::::::* cpe:2.3:h:cisco:nexus_3548-x\/xl:-:::::::* cpe:2.3:h:cisco:nexus_3548-xl:-:::::::* cpe:2.3:h:cisco:nexus_3600:-:::::::* cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::* cpe:2.3:h:cisco:nexus_3636c-r:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:cisco:nx-os::::::::* versions up to (excluding) 10.2\(7\) cpe:2.3:o:cisco:nx-os::::::::* versions from (including) 10.3\(1\) up to (excluding) 10.3\(5\) OR cpe:2.3:h:cisco:nexus_9000v:-:::::::* cpe:2.3:h:cisco:nexus_9200:-:::::::* cpe:2.3:h:cisco:nexus_9200yc:-:::::::* cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::* cpe:2.3:h:cisco:nexus_92160yc_switch:-:::::::* cpe:2.3:h:cisco:nexus_9221c:-:::::::* cpe:2.3:h:cisco:nexus_92300yc:-:::::::* cpe:2.3:h:cisco:nexus_92300yc_switch:-:::::::* cpe:2.3:h:cisco:nexus_92304qc:-:::::::* cpe:2.3:h:cisco:nexus_92304qc_switch:-:::::::* cpe:2.3:h:cisco:nexus_9232e:-:::::::* cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::* cpe:2.3:h:cisco:nexus_9236c:-:::::::* cpe:2.3:h:cisco:nexus_9236c_switch:-:::::::* cpe:2.3:h:cisco:nexus_9272q:-:::::::* cpe:2.3:h:cisco:nexus_9272q_switch:-:::::::* cpe:2.3:h:cisco:nexus_9300:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:::::::* cpe:2.3:h:cisco:nexus_93120tx:-:::::::* cpe:2.3:h:cisco:nexus_93120tx_switch:-:::::::* cpe:2.3:h:cisco:nexus_93128:-:::::::* cpe:2.3:h:cisco:nexus_93128tx:-:::::::* cpe:2.3:h:cisco:nexus_93128tx_switch:-:::::::* cpe:2.3:h:cisco:nexus_9316d-gx:-:::::::* cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:::::::* cpe:2.3:h:cisco:nexus_93180tc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx3:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:::::::* cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_93240tc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_9332c:-:::::::* cpe:2.3:h:cisco:nexus_9332d-gx2b:-:::::::* cpe:2.3:h:cisco:nexus_9332d-h2r:-:::::::* cpe:2.3:h:cisco:nexus_9332pq:-:::::::* cpe:2.3:h:cisco:nexus_9332pq_switch:-:::::::* cpe:2.3:h:cisco:nexus_93360yc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::* cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:::::::* cpe:2.3:h:cisco:nexus_9336pq:-:::::::* cpe:2.3:h:cisco:nexus_9336pq_aci:-:::::::* cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:::::::* cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:::::::* cpe:2.3:h:cisco:nexus_9348d-gx2a:-:::::::* cpe:2.3:h:cisco:nexus_9348gc-fx3:-:::::::* cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::* cpe:2.3:h:cisco:nexus_93600cd-gx:-:::::::* cpe:2.3:h:cisco:nexus_9364c:-:::::::* cpe:2.3:h:cisco:nexus_9364c-gx:-:::::::* cpe:2.3:h:cisco:nexus_9364d-gx2a:-:::::::* cpe:2.3:h:cisco:nexus_9372px:-:::::::* cpe:2.3:h:cisco:nexus_9372px-e:-:::::::* cpe:2.3:h:cisco:nexus_9372px-e_switch:-:::::::* cpe:2.3:h:cisco:nexus_9372px_switch:-:::::::* cpe:2.3:h:cisco:nexus_9372tx:-:::::::* cpe:2.3:h:cisco:nexus_9372tx-e:-:::::::* cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:::::::* cpe:2.3:h:cisco:nexus_9372tx_switch:-:::::::* cpe:2.3:h:cisco:nexus_9396px:-:::::::* cpe:2.3:h:cisco:nexus_9396px_switch:-:::::::* cpe:2.3:h:cisco:nexus_9396tx:-:::::::* cpe:2.3:h:cisco:nexus_9396tx_switch:-:::::::* cpe:2.3:h:cisco:nexus_9408:-:::::::* cpe:2.3:h:cisco:nexus_9432pq:-:::::::* cpe:2.3:h:cisco:nexus_9500:-:::::::* cpe:2.3:h:cisco:nexus_9500_16-slot:-:::::::* cpe:2.3:h:cisco:nexus_9500_4-slot:-:::::::* cpe:2.3:h:cisco:nexus_9500_8-slot:-:::::::* cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:::::::* cpe:2.3:h:cisco:nexus_9500_supervisor_a\+:-:::::::* cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:::::::* cpe:2.3:h:cisco:nexus_9500_supervisor_b\+:-:::::::* cpe:2.3:h:cisco:nexus_9500r:-:::::::* cpe:2.3:h:cisco:nexus_9504:-:::::::* cpe:2.3:h:cisco:nexus_9504_switch:-:::::::* cpe:2.3:h:cisco:nexus_9508:-:::::::* cpe:2.3:h:cisco:nexus_9508_switch:-:::::::* cpe:2.3:h:cisco:nexus_9516:-:::::::* cpe:2.3:h:cisco:nexus_9516_switch:-:::::::* cpe:2.3:h:cisco:nexus_9536pq:-:::::::* cpe:2.3:h:cisco:nexus_9636pq:-:::::::* cpe:2.3:h:cisco:nexus_9716d-gx:-:::::::* cpe:2.3:h:cisco:nexus_9736pq:-:::::::* cpe:2.3:h:cisco:nexus_9800:-:::::::* cpe:2.3:h:cisco:nexus_9804:-:::::::* cpe:2.3:h:cisco:nexus_9808:-:::::::*

Action	Type	Old Value	New Value
Added	Reference		MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ [No types assigned]
Added	Reference		MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ [No types assigned]

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Changed	Reference Type	http://www.openwall.com/lists/oss-security/2023/10/13/4 No Types Assigned	http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List, Third Party Advisory
Changed	Reference Type	https://access.redhat.com/security/cve/cve-2023-44487 No Types Assigned	https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory
Changed	Reference Type	https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ No Types Assigned	https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Vendor Advisory
Changed	Reference Type	https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ No Types Assigned	https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description, Vendor Advisory
Changed	Reference Type	https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ No Types Assigned	https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Vendor Advisory
Changed	Reference Type	https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ No Types Assigned	https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory
Changed	Reference Type	https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack No Types Assigned	https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Vendor Advisory
Changed	Reference Type	https://blog.vespa.ai/cve-2023-44487/ No Types Assigned	https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory
Changed	Reference Type	https://bugzilla.proxmox.com/show_bug.cgi?id=4988 No Types Assigned	https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking
Changed	Reference Type	https://bugzilla.redhat.com/show_bug.cgi?id=2242803 No Types Assigned	https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://bugzilla.suse.com/show_bug.cgi?id=1216123 No Types Assigned	https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking
Changed	Reference Type	https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 No Types Assigned	https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Patch
Changed	Reference Type	https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ No Types Assigned	https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description, Vendor Advisory
Changed	Reference Type	https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack No Types Assigned	https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description, Vendor Advisory
Changed	Reference Type	https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 No Types Assigned	https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory
Changed	Reference Type	https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve No Types Assigned	https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Vendor Advisory
Changed	Reference Type	https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 No Types Assigned	https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory
Changed	Reference Type	https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 No Types Assigned	https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Vendor Advisory
Changed	Reference Type	https://github.com/advisories/GHSA-qppj-fm5r-hxr3 No Types Assigned	https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/advisories/GHSA-vx74-f528-fxqg No Types Assigned	https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory
Changed	Reference Type	https://github.com/advisories/GHSA-xpw8-rcwv-8f8p No Types Assigned	https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Vendor Advisory
Changed	Reference Type	https://github.com/akka/akka-http/issues/4323 No Types Assigned	https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/alibaba/tengine/issues/1872 No Types Assigned	https://github.com/alibaba/tengine/issues/1872 Vendor Advisory
Changed	Reference Type	https://github.com/apache/apisix/issues/10320 No Types Assigned	https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 No Types Assigned	https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Vendor Advisory
Changed	Reference Type	https://github.com/apache/httpd-site/pull/10 No Types Assigned	https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 No Types Assigned	https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Vendor Advisory
Changed	Reference Type	https://github.com/apache/trafficserver/pull/10564 No Types Assigned	https://github.com/apache/trafficserver/pull/10564 Vendor Advisory
Changed	Reference Type	https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 No Types Assigned	https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/Azure/AKS/issues/3947 No Types Assigned	https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/bcdannyboy/CVE-2023-44487 No Types Assigned	https://github.com/bcdannyboy/CVE-2023-44487 Vendor Advisory
Changed	Reference Type	https://github.com/caddyserver/caddy/issues/5877 No Types Assigned	https://github.com/caddyserver/caddy/issues/5877 Vendor Advisory
Changed	Reference Type	https://github.com/caddyserver/caddy/releases/tag/v2.7.5 No Types Assigned	https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/dotnet/announcements/issues/277 No Types Assigned	https://github.com/dotnet/announcements/issues/277 Vendor Advisory
Changed	Reference Type	https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 No Types Assigned	https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Vendor Advisory
Changed	Reference Type	https://github.com/eclipse/jetty.project/issues/10679 No Types Assigned	https://github.com/eclipse/jetty.project/issues/10679 Vendor Advisory
Changed	Reference Type	https://github.com/envoyproxy/envoy/pull/30055 No Types Assigned	https://github.com/envoyproxy/envoy/pull/30055 Vendor Advisory
Changed	Reference Type	https://github.com/etcd-io/etcd/issues/16740 No Types Assigned	https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/facebook/proxygen/pull/466 No Types Assigned	https://github.com/facebook/proxygen/pull/466 Vendor Advisory
Changed	Reference Type	https://github.com/golang/go/issues/63417 No Types Assigned	https://github.com/golang/go/issues/63417 Vendor Advisory
Changed	Reference Type	https://github.com/grpc/grpc-go/pull/6703 No Types Assigned	https://github.com/grpc/grpc-go/pull/6703 Vendor Advisory
Changed	Reference Type	https://github.com/h2o/h2o/pull/3291 No Types Assigned	https://github.com/h2o/h2o/pull/3291 Vendor Advisory
Changed	Reference Type	https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf No Types Assigned	https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory
Changed	Reference Type	https://github.com/haproxy/haproxy/issues/2312 No Types Assigned	https://github.com/haproxy/haproxy/issues/2312 Vendor Advisory
Changed	Reference Type	https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 No Types Assigned	https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Vendor Advisory
Changed	Reference Type	https://github.com/junkurihara/rust-rpxy/issues/97 No Types Assigned	https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 No Types Assigned	https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
Changed	Reference Type	https://github.com/kazu-yamamoto/http2/issues/93 No Types Assigned	https://github.com/kazu-yamamoto/http2/issues/93 Vendor Advisory
Changed	Reference Type	https://github.com/Kong/kong/discussions/11741 No Types Assigned	https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/kubernetes/kubernetes/pull/121120 No Types Assigned	https://github.com/kubernetes/kubernetes/pull/121120 Vendor Advisory
Changed	Reference Type	https://github.com/line/armeria/pull/5232 No Types Assigned	https://github.com/line/armeria/pull/5232 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 No Types Assigned	https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory
Changed	Reference Type	https://github.com/micrictor/http2-rst-stream No Types Assigned	https://github.com/micrictor/http2-rst-stream Vendor Advisory
Changed	Reference Type	https://github.com/microsoft/CBL-Mariner/pull/6381 No Types Assigned	https://github.com/microsoft/CBL-Mariner/pull/6381 Vendor Advisory
Changed	Reference Type	https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 No Types Assigned	https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Vendor Advisory
Changed	Reference Type	https://github.com/nghttp2/nghttp2/pull/1961 No Types Assigned	https://github.com/nghttp2/nghttp2/pull/1961 Vendor Advisory
Changed	Reference Type	https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 No Types Assigned	https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Vendor Advisory
Changed	Reference Type	https://github.com/ninenines/cowboy/issues/1615 No Types Assigned	https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/nodejs/node/pull/50121 No Types Assigned	https://github.com/nodejs/node/pull/50121 Vendor Advisory
Changed	Reference Type	https://github.com/openresty/openresty/issues/930 No Types Assigned	https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/opensearch-project/data-prepper/issues/3474 No Types Assigned	https://github.com/opensearch-project/data-prepper/issues/3474 Vendor Advisory
Changed	Reference Type	https://github.com/oqtane/oqtane.framework/discussions/3367 No Types Assigned	https://github.com/oqtane/oqtane.framework/discussions/3367 Vendor Advisory
Changed	Reference Type	https://github.com/projectcontour/contour/pull/5826 No Types Assigned	https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/tempesta-tech/tempesta/issues/1986 No Types Assigned	https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://github.com/varnishcache/varnish-cache/issues/3996 No Types Assigned	https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory
Changed	Reference Type	https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo No Types Assigned	https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Vendor Advisory
Changed	Reference Type	https://istio.io/latest/news/security/istio-security-2023-004/ No Types Assigned	https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory
Changed	Reference Type	https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q No Types Assigned	https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Vendor Advisory
Changed	Reference Type	https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html No Types Assigned	https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Vendor Advisory
Changed	Reference Type	https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html No Types Assigned	https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List
Changed	Reference Type	https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html No Types Assigned	https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Vendor Advisory
Changed	Reference Type	https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ No Types Assigned	https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Vendor Advisory
Changed	Reference Type	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 No Types Assigned	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Patch, Vendor Advisory
Changed	Reference Type	https://my.f5.com/manage/s/article/K000137106 No Types Assigned	https://my.f5.com/manage/s/article/K000137106 Vendor Advisory
Changed	Reference Type	https://netty.io/news/2023/10/10/4-1-100-Final.html No Types Assigned	https://netty.io/news/2023/10/10/4-1-100-Final.html Vendor Advisory
Changed	Reference Type	https://news.ycombinator.com/item?id=37830987 No Types Assigned	https://news.ycombinator.com/item?id=37830987 Third Party Advisory
Changed	Reference Type	https://news.ycombinator.com/item?id=37830998 No Types Assigned	https://news.ycombinator.com/item?id=37830998 Press/Media Coverage
Changed	Reference Type	https://news.ycombinator.com/item?id=37831062 No Types Assigned	https://news.ycombinator.com/item?id=37831062 Third Party Advisory
Changed	Reference Type	https://news.ycombinator.com/item?id=37837043 No Types Assigned	https://news.ycombinator.com/item?id=37837043 Third Party Advisory
Changed	Reference Type	https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ No Types Assigned	https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Third Party Advisory
Changed	Reference Type	https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected No Types Assigned	https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Third Party Advisory
Changed	Reference Type	https://security.paloaltonetworks.com/CVE-2023-44487 No Types Assigned	https://security.paloaltonetworks.com/CVE-2023-44487 Vendor Advisory
Changed	Reference Type	https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 No Types Assigned	https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Vendor Advisory
Changed	Reference Type	https://ubuntu.com/security/CVE-2023-44487 No Types Assigned	https://ubuntu.com/security/CVE-2023-44487 Vendor Advisory
Changed	Reference Type	https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ No Types Assigned	https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Third Party Advisory
Changed	Reference Type	https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 No Types Assigned	https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Third Party Advisory, US Government Resource
Changed	Reference Type	https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event No Types Assigned	https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage
Changed	Reference Type	https://www.debian.org/security/2023/dsa-5521 No Types Assigned	https://www.debian.org/security/2023/dsa-5521 Vendor Advisory
Changed	Reference Type	https://www.debian.org/security/2023/dsa-5522 No Types Assigned	https://www.debian.org/security/2023/dsa-5522 Vendor Advisory
Changed	Reference Type	https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 No Types Assigned	https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Vendor Advisory
Changed	Reference Type	https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ No Types Assigned	https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Vendor Advisory
Changed	Reference Type	https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ No Types Assigned	https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Vendor Advisory
Changed	Reference Type	https://www.openwall.com/lists/oss-security/2023/10/10/6 No Types Assigned	https://www.openwall.com/lists/oss-security/2023/10/10/6 Mailing List, Third Party Advisory
Changed	Reference Type	https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack No Types Assigned	https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Press/Media Coverage
Changed	Reference Type	https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ No Types Assigned	https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage
Added	CWE		NIST CWE-400
Added	CPE Configuration		OR cpe:2.3:a:ietf:http:2.0:::::::

Action	Type	New Value
Added	Reference	https://blog.vespa.ai/cve-2023-44487/ [No Types Assigned]
Added	Reference	https://github.com/tempesta-tech/tempesta/issues/1986 [No Types Assigned]
Added	Reference	https://ubuntu.com/security/CVE-2023-44487 [No Types Assigned]
Added	Reference	https://access.redhat.com/security/cve/cve-2023-44487 [No Types Assigned]
Added	Reference	https://github.com/junkurihara/rust-rpxy/issues/97 [No Types Assigned]
Added	Reference	https://istio.io/latest/news/security/istio-security-2023-004/ [No Types Assigned]
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=2242803 [No Types Assigned]
Added	Reference	https://github.com/etcd-io/etcd/issues/16740 [No Types Assigned]
Added	Reference	https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 [No Types Assigned]
Added	Reference	https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event [No Types Assigned]
Added	Reference	https://github.com/advisories/GHSA-qppj-fm5r-hxr3 [No Types Assigned]
Added	Reference	https://bugzilla.suse.com/show_bug.cgi?id=1216123 [No Types Assigned]
Added	Reference	https://github.com/ninenines/cowboy/issues/1615 [No Types Assigned]
Added	Reference	https://github.com/varnishcache/varnish-cache/issues/3996 [No Types Assigned]

Action	Type	Old Value	New Value
Removed	Reference	https://github.com/hyperium/hyper/issues/3337 [No Types Assigned]
Added	Reference		https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q [No Types Assigned]
Added	Reference		https://www.openwall.com/lists/oss-security/2023/10/10/6 [No Types Assigned]
Added	Reference		https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 [No Types Assigned]
Added	Reference		https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected [No Types Assigned]

Action	Type	Old Value	New Value
Removed	Reference	https://chaos.social/@icing/111210915918780532 [No Types Assigned]
Added	Reference		https://github.com/grpc/grpc-go/pull/6703 [No Types Assigned]
Added	Reference		https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 [No Types Assigned]

CVE-2023-44487

HTTP/2 Rapid Reset Attack Vulnerability - [Actively Exploited]

Description

INFO

Oct. 10, 2023, 2:15 p.m.

Aug. 14, 2024, 7:57 p.m.

Yes !

3.6

3.9

CISA KEV (Known Exploited Vulnerabilities)

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

Modified Analysis by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction