CVE-2023-44487
HTTP/2 Rapid Reset Attack Vulnerability - [Actively Exploited]
Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
INFO
Published Date :
Oct. 10, 2023, 2:15 p.m.
Last Modified :
Dec. 20, 2024, 5:40 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
3.6
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Public PoC/Exploit Available at Github
CVE-2023-44487 has a 61 public PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
Affected Products
The following products are affected by CVE-2023-44487
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-44487
.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
H2-Rapid Reset Client for stress testing.
JavaScript
None
Python
None
Задание по DevSecOps второе задание
Indra is a powerful, versatile, and user-friendly Python-based network scanning and vulnerability assessment tool.
Python
Learn about 'How to check and prevent Docker's security vulnerability'
Dockerfile Java
None
Makefile Dockerfile Go
None
Shell
практика
Some information about the process of CVE recurrence
None
None
Python JavaScript
None
Dockerfile Go
None
Latest CVEs with their Proof of Concept exploits.
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-44487
vulnerability anywhere in the article.
- security.nl
VS publiceert overzicht van meest misbruikte kwetsbaarheden in 2023
De Amerikaanse autoriteiten hebben samen met cyberagentschappen uit Australië, Canada, Nieuw-Zeeland en het Verenigd Koninkrijk een overzicht van de meest misbruikte kwetsbaarheden in 2023 opgesteld. ... Read more
The following table lists the changes that have been made to the
CVE-2023-44487
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Dec. 20, 2024
Action Type Old Value New Value Changed Reference Type https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Patch Changed Reference Type https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Patch Changed Reference Type https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch Changed Reference Type https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch Changed Reference Type https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory https://github.com/akka/akka-http/issues/4323 Issue Tracking Changed Reference Type https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory https://github.com/akka/akka-http/issues/4323 Issue Tracking Changed Reference Type https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory https://github.com/alibaba/tengine/issues/1872 Issue Tracking Changed Reference Type https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory https://github.com/alibaba/tengine/issues/1872 Issue Tracking Changed Reference Type https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory https://github.com/apache/apisix/issues/10320 Issue Tracking Changed Reference Type https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory https://github.com/apache/apisix/issues/10320 Issue Tracking Changed Reference Type https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory https://github.com/apache/httpd-site/pull/10 Issue Tracking Changed Reference Type https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory https://github.com/apache/httpd-site/pull/10 Issue Tracking Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product Changed Reference Type https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory https://github.com/apache/trafficserver/pull/10564 Issue Tracking, Patch Changed Reference Type https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory https://github.com/apache/trafficserver/pull/10564 Issue Tracking, Patch Changed Reference Type https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory https://github.com/Azure/AKS/issues/3947 Issue Tracking Changed Reference Type https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory https://github.com/Azure/AKS/issues/3947 Issue Tracking Changed Reference Type https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Release Notes Changed Reference Type https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Release Notes Changed Reference Type https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking Changed Reference Type https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking Changed Reference Type https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking, Patch Changed Reference Type https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking, Patch Changed Reference Type https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch Changed Reference Type https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch Changed Reference Type https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory https://github.com/facebook/proxygen/pull/466 Issue Tracking, Patch Changed Reference Type https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory https://github.com/facebook/proxygen/pull/466 Issue Tracking, Patch Changed Reference Type https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory https://github.com/golang/go/issues/63417 Issue Tracking Changed Reference Type https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory https://github.com/golang/go/issues/63417 Issue Tracking Changed Reference Type https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory https://github.com/grpc/grpc-go/pull/6703 Issue Tracking, Patch Changed Reference Type https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory https://github.com/grpc/grpc-go/pull/6703 Issue Tracking, Patch Changed Reference Type https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory https://github.com/h2o/h2o/pull/3291 Issue Tracking, Patch Changed Reference Type https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory https://github.com/h2o/h2o/pull/3291 Issue Tracking, Patch Changed Reference Type https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory https://github.com/haproxy/haproxy/issues/2312 Issue Tracking Changed Reference Type https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory https://github.com/haproxy/haproxy/issues/2312 Issue Tracking Changed Reference Type https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product Changed Reference Type https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product Changed Reference Type https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking Changed Reference Type https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking Changed Reference Type https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch Changed Reference Type https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking Changed Reference Type https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory https://github.com/Kong/kong/discussions/11741 Issue Tracking Changed Reference Type https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory https://github.com/Kong/kong/discussions/11741 Issue Tracking Changed Reference Type https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory https://github.com/kubernetes/kubernetes/pull/121120 Issue Tracking, Patch Changed Reference Type https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory https://github.com/kubernetes/kubernetes/pull/121120 Issue Tracking, Patch Changed Reference Type https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory https://github.com/line/armeria/pull/5232 Issue Tracking, Patch Changed Reference Type https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory https://github.com/line/armeria/pull/5232 Issue Tracking, Patch Changed Reference Type https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch Changed Reference Type https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch Changed Reference Type https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking, Patch Changed Reference Type https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking, Patch Changed Reference Type https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch Changed Reference Type https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch Changed Reference Type https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking, Patch Changed Reference Type https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking, Patch Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes Changed Reference Type https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory https://github.com/ninenines/cowboy/issues/1615 Issue Tracking Changed Reference Type https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory https://github.com/ninenines/cowboy/issues/1615 Issue Tracking Changed Reference Type https://github.com/nodejs/node/pull/50121 Vendor Advisory https://github.com/nodejs/node/pull/50121 Issue Tracking Changed Reference Type https://github.com/nodejs/node/pull/50121 Vendor Advisory https://github.com/nodejs/node/pull/50121 Issue Tracking Changed Reference Type https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory https://github.com/openresty/openresty/issues/930 Issue Tracking Changed Reference Type https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory https://github.com/openresty/openresty/issues/930 Issue Tracking Changed Reference Type https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch Changed Reference Type https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch Changed Reference Type https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking Changed Reference Type https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking Changed Reference Type https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch Changed Reference Type https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch Changed Reference Type https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking Changed Reference Type https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking Changed Reference Type https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking Changed Reference Type https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking Changed Reference Type https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List Changed Reference Type https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List Changed Reference Type https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory https://news.ycombinator.com/item?id=37830987 Issue Tracking Changed Reference Type https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory https://news.ycombinator.com/item?id=37830987 Issue Tracking Changed Reference Type https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory https://news.ycombinator.com/item?id=37831062 Issue Tracking Changed Reference Type https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory https://news.ycombinator.com/item?id=37831062 Issue Tracking Changed Reference Type https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes Changed Reference Type https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes Changed Reference Type https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause No Types Assigned https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause Third Party Advisory -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2023/10/13/4 Added Reference http://www.openwall.com/lists/oss-security/2023/10/13/9 Added Reference http://www.openwall.com/lists/oss-security/2023/10/18/4 Added Reference http://www.openwall.com/lists/oss-security/2023/10/18/8 Added Reference http://www.openwall.com/lists/oss-security/2023/10/19/6 Added Reference http://www.openwall.com/lists/oss-security/2023/10/20/8 Added Reference https://access.redhat.com/security/cve/cve-2023-44487 Added Reference https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Added Reference https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Added Reference https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Added Reference https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Added Reference https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Added Reference https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Added Reference https://blog.vespa.ai/cve-2023-44487/ Added Reference https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Added Reference https://bugzilla.suse.com/show_bug.cgi?id=1216123 Added Reference https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Added Reference https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Added Reference https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Added Reference https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Added Reference https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Added Reference https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Added Reference https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Added Reference https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Added Reference https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Added Reference https://github.com/advisories/GHSA-vx74-f528-fxqg Added Reference https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Added Reference https://github.com/akka/akka-http/issues/4323 Added Reference https://github.com/alibaba/tengine/issues/1872 Added Reference https://github.com/apache/apisix/issues/10320 Added Reference https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Added Reference https://github.com/apache/httpd-site/pull/10 Added Reference https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Added Reference https://github.com/apache/trafficserver/pull/10564 Added Reference https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Added Reference https://github.com/Azure/AKS/issues/3947 Added Reference https://github.com/bcdannyboy/CVE-2023-44487 Added Reference https://github.com/caddyserver/caddy/issues/5877 Added Reference https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Added Reference https://github.com/dotnet/announcements/issues/277 Added Reference https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Added Reference https://github.com/eclipse/jetty.project/issues/10679 Added Reference https://github.com/envoyproxy/envoy/pull/30055 Added Reference https://github.com/etcd-io/etcd/issues/16740 Added Reference https://github.com/facebook/proxygen/pull/466 Added Reference https://github.com/golang/go/issues/63417 Added Reference https://github.com/grpc/grpc-go/pull/6703 Added Reference https://github.com/h2o/h2o/pull/3291 Added Reference https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Added Reference https://github.com/haproxy/haproxy/issues/2312 Added Reference https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Added Reference https://github.com/junkurihara/rust-rpxy/issues/97 Added Reference https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Added Reference https://github.com/kazu-yamamoto/http2/issues/93 Added Reference https://github.com/Kong/kong/discussions/11741 Added Reference https://github.com/kubernetes/kubernetes/pull/121120 Added Reference https://github.com/line/armeria/pull/5232 Added Reference https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Added Reference https://github.com/micrictor/http2-rst-stream Added Reference https://github.com/microsoft/CBL-Mariner/pull/6381 Added Reference https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Added Reference https://github.com/nghttp2/nghttp2/pull/1961 Added Reference https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Added Reference https://github.com/ninenines/cowboy/issues/1615 Added Reference https://github.com/nodejs/node/pull/50121 Added Reference https://github.com/openresty/openresty/issues/930 Added Reference https://github.com/opensearch-project/data-prepper/issues/3474 Added Reference https://github.com/oqtane/oqtane.framework/discussions/3367 Added Reference https://github.com/projectcontour/contour/pull/5826 Added Reference https://github.com/tempesta-tech/tempesta/issues/1986 Added Reference https://github.com/varnishcache/varnish-cache/issues/3996 Added Reference https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Added Reference https://istio.io/latest/news/security/istio-security-2023-004/ Added Reference https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Added Reference https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Added Reference https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Added Reference https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Added Reference https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Added Reference https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Added Reference https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Added Reference https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Added Reference https://my.f5.com/manage/s/article/K000137106 Added Reference https://netty.io/news/2023/10/10/4-1-100-Final.html Added Reference https://news.ycombinator.com/item?id=37830987 Added Reference https://news.ycombinator.com/item?id=37830998 Added Reference https://news.ycombinator.com/item?id=37831062 Added Reference https://news.ycombinator.com/item?id=37837043 Added Reference https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Added Reference https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Added Reference https://security.gentoo.org/glsa/202311-09 Added Reference https://security.netapp.com/advisory/ntap-20231016-0001/ Added Reference https://security.netapp.com/advisory/ntap-20240426-0007/ Added Reference https://security.netapp.com/advisory/ntap-20240621-0006/ Added Reference https://security.netapp.com/advisory/ntap-20240621-0007/ Added Reference https://security.paloaltonetworks.com/CVE-2023-44487 Added Reference https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Added Reference https://ubuntu.com/security/CVE-2023-44487 Added Reference https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Added Reference https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Added Reference https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Added Reference https://www.debian.org/security/2023/dsa-5521 Added Reference https://www.debian.org/security/2023/dsa-5522 Added Reference https://www.debian.org/security/2023/dsa-5540 Added Reference https://www.debian.org/security/2023/dsa-5549 Added Reference https://www.debian.org/security/2023/dsa-5558 Added Reference https://www.debian.org/security/2023/dsa-5570 Added Reference https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Added Reference https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Added Reference https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Added Reference https://www.openwall.com/lists/oss-security/2023/10/10/6 Added Reference https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Added Reference https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Added Reference https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause -
Modified Analysis by [email protected]
Aug. 14, 2024
Action Type Old Value New Value Removed CWE NIST CWE-400 Added CWE NIST NVD-CWE-noinfo -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Aug. 01, 2024
Action Type Old Value New Value Added CWE CISA-ADP CWE-400 Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H -
Modified Analysis by [email protected]
Jun. 27, 2024
Action Type Old Value New Value Changed Reference Type https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Vendor Advisory https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory Changed Reference Type https://security.netapp.com/advisory/ntap-20240426-0007/ No Types Assigned https://security.netapp.com/advisory/ntap-20240426-0007/ Third Party Advisory Changed Reference Type https://security.netapp.com/advisory/ntap-20240621-0006/ No Types Assigned https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory Changed Reference Type https://security.netapp.com/advisory/ntap-20240621-0007/ No Types Assigned https://security.netapp.com/advisory/ntap-20240621-0007/ Third Party Advisory Changed CPE Configuration OR *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:* OR *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* -
CVE Modified by [email protected]
Jun. 21, 2024
Action Type Old Value New Value Added Reference MITRE https://security.netapp.com/advisory/ntap-20240621-0006/ [No types assigned] Added Reference MITRE https://security.netapp.com/advisory/ntap-20240621-0007/ [No types assigned] -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Apr. 26, 2024
Action Type Old Value New Value Added Reference MITRE https://security.netapp.com/advisory/ntap-20240426-0007/ [No types assigned] -
Reanalysis by [email protected]
Feb. 02, 2024
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:* versions up to (excluding) 11.1 *cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.3 *cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:* *cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0 *cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3 *cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* versions up to (excluding) 7.4.2 *cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:* versions up to (excluding) 4.11.0 *cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 9.3.3 *cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 7.2.1 *cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* versions up to (excluding) 3.10.4 *cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 11.2 *cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.0 *cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:* versions up to (excluding) 2.19.2 *cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3 *cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.01.0 *cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:* *cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.02.0 *cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.02.0 *cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:* versions up to (excluding) 12.6.2 *cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:* *cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:* versions up to (excluding) 1.22 *cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* versions up to (excluding) 17.15.1 *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.11.2 Added CPE Configuration AND OR *cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 15.1.0 OR cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2\(7\) *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3\(1\) up to (excluding) 10.3\(5\) OR cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-x\/3132q-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172pq\/pq-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524-x\/xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548-x\/xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2\(7\) *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3\(1\) up to (excluding) 10.3\(5\) OR cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_supervisor_a\+:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_supervisor_b\+:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:* -
Modified Analysis by [email protected]
Dec. 20, 2023
Action Type Old Value New Value Changed Reference Type https://www.debian.org/security/2023/dsa-5570 No Types Assigned https://www.debian.org/security/2023/dsa-5570 Third Party Advisory Added CPE Configuration OR *cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:* versions up to (excluding) 1.21.4.3 -
CVE Modified by [email protected]
Dec. 02, 2023
Action Type Old Value New Value Added Reference MITRE https://www.debian.org/security/2023/dsa-5570 [No types assigned] -
Modified Analysis by [email protected]
Dec. 01, 2023
Action Type Old Value New Value Changed Reference Type https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage, Third Party Advisory Changed Reference Type https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking, Third Party Advisory Changed Reference Type https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch, Vendor Advisory Changed Reference Type https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 No Types Assigned https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Third Party Advisory Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory Changed Reference Type https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes, Third Party Advisory Changed Reference Type https://github.com/h2o/h2o/pull/3291 Patch https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory Changed Reference Type https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory Changed Reference Type https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Vendor Advisory https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Mailing List, Vendor Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory Changed Reference Type https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List, Third Party Advisory Changed Reference Type https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch, Third Party Advisory Changed Reference Type https://security.gentoo.org/glsa/202311-09 No Types Assigned https://security.gentoo.org/glsa/202311-09 Third Party Advisory Changed Reference Type https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage, Third Party Advisory Changed Reference Type https://www.debian.org/security/2023/dsa-5540 No Types Assigned https://www.debian.org/security/2023/dsa-5540 Third Party Advisory Changed Reference Type https://www.debian.org/security/2023/dsa-5549 No Types Assigned https://www.debian.org/security/2023/dsa-5549 Third Party Advisory Changed Reference Type https://www.debian.org/security/2023/dsa-5558 No Types Assigned https://www.debian.org/security/2023/dsa-5558 Third Party Advisory Changed Reference Type https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage, Third Party Advisory Changed CPE Configuration OR *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:* *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3 OR *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:* *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:* versions up to (including) 1.59.2 -
CVE Modified by [email protected]
Nov. 25, 2023
Action Type Old Value New Value Added Reference MITRE https://security.gentoo.org/glsa/202311-09 [No types assigned] -
CVE Modified by [email protected]
Nov. 19, 2023
Action Type Old Value New Value Added Reference MITRE https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html [No types assigned] -
CVE Modified by [email protected]
Nov. 18, 2023
Action Type Old Value New Value Added Reference MITRE https://www.debian.org/security/2023/dsa-5558 [No types assigned] -
CVE Modified by [email protected]
Nov. 07, 2023
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ [No types assigned] -
CVE Modified by [email protected]
Nov. 07, 2023
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ [No types assigned] Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ -
CVE Modified by [email protected]
Nov. 06, 2023
Action Type Old Value New Value Added Reference https://www.debian.org/security/2023/dsa-5549 [No Types Assigned] -
CVE Modified by [email protected]
Nov. 06, 2023
Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html [No Types Assigned] -
CVE Modified by [email protected]
Nov. 03, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ [No Types Assigned] -
CVE Modified by [email protected]
Nov. 03, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ [No Types Assigned] -
CVE Modified by [email protected]
Nov. 03, 2023
Action Type Old Value New Value Added Reference https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 31, 2023
Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html [No Types Assigned] -
CVE Modified by [email protected]
Oct. 31, 2023
Action Type Old Value New Value Added Reference https://www.debian.org/security/2023/dsa-5540 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 30, 2023
Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html [No Types Assigned] -
CVE Modified by [email protected]
Oct. 29, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 29, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 28, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 26, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 26, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 25, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ [No Types Assigned] -
Reanalysis by [email protected]
Oct. 25, 2023
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions up to (excluding) 21.0.0 OR *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 18.0.0 up to (excluding) 18.18.2 *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 20.0.0 up to (excluding) 20.8.1 -
Modified Analysis by [email protected]
Oct. 24, 2023
Action Type Old Value New Value Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/18/4 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/18/4 Mailing List, Third Party Advisory Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/18/8 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/18/8 Mailing List, Third Party Advisory Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/19/6 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/19/6 Mailing List, Third Party Advisory Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/20/8 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/20/8 Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List Changed CPE Configuration OR *cpe:2.3:a:linkerd:linkerd:*:*:*:*:*:*:*:* versions from (including) 2.12.0 up to (including) 2.12.5 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:*:*:*:* OR *cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:* versions from (including) 2.12.0 up to (including) 2.12.5 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:* *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:* *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:* *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:* Changed CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* OR *cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* versions up to (including) 2.414.2 *cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:* versions up to (including) 2.427 Added CPE Configuration OR *cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* versions up to (excluding) 9.4.0 -
CVE Modified by [email protected]
Oct. 20, 2023
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2023/10/20/8 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 20, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ [No Types Assigned] Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 19, 2023
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2023/10/19/6 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 19, 2023
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2023/10/18/8 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 18, 2023
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2023/10/18/4 [No Types Assigned] -
Reanalysis by [email protected]
Oct. 18, 2023
Action Type Old Value New Value Changed Reference Type https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Third Party Advisory https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Press/Media Coverage, Third Party Advisory Changed Reference Type https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Vendor Advisory https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage Changed Reference Type https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Issue Tracking, Vendor Advisory https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Vendor Advisory Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Vendor Advisory https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product Changed Reference Type https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Issue Tracking, Vendor Advisory https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Vendor Advisory Changed Reference Type https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Issue Tracking, Vendor Advisory https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes Changed Reference Type https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Vendor Advisory https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 Vendor Advisory https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking Changed Reference Type https://github.com/line/armeria/pull/5232 Issue Tracking, Vendor Advisory https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory Changed Reference Type https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Vendor Advisory https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory Changed Reference Type https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Third Party Advisory https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Vendor Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Vendor Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Third Party Advisory https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory Changed Reference Type https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Third Party Advisory https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List Changed Reference Type https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Vendor Advisory https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Third Party Advisory Changed Reference Type https://news.ycombinator.com/item?id=37837043 Third Party Advisory https://news.ycombinator.com/item?id=37837043 Issue Tracking Changed CPE Configuration OR *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.7 OR *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.5 Changed CPE Configuration OR *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* OR *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-08 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* Changed CPE Configuration OR *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3 OR *cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* versions up to (excluding) 3.6.1 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3 Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:* versions up to (excluding) 4.2.2 Added CPE Configuration OR *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.6 *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions from (including) 1.18.0 up to (excluding) 1.18.3 *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions from (including) 1.19.0 up to (excluding) 1.19.1 Added CPE Configuration OR *cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-10 Added CPE Configuration OR *cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* versions up to (excluding) 2.10.5 *cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:* *cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:* *cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:* versions up to (excluding) 2023-10-11 Added CPE Configuration OR *cpe:2.3:a:linkerd:linkerd:*:*:*:*:*:*:*:* versions from (including) 2.12.0 up to (including) 2.12.5 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:* versions up to (excluding) 1.26.0 Added CPE Configuration OR *cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:* *cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:* *cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:* OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:* versions up to (excluding) 10.5.3 Added CPE Configuration OR *cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:* versions up to (excluding) 3.4.2 -
Modified Analysis by [email protected]
Oct. 18, 2023
Action Type Old Value New Value Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/13/9 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/13/9 Mailing List, Third Party Advisory Changed Reference Type https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ No Types Assigned https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Third Party Advisory Changed Reference Type https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Patch https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch Changed Reference Type https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Vendor Advisory https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Third Party Advisory Changed Reference Type https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Vendor Advisory https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory Changed Reference Type https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory Changed Reference Type https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Vendor Advisory https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Patch, Vendor Advisory Changed Reference Type https://github.com/alibaba/tengine/issues/1872 Vendor Advisory https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Vendor Advisory https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product Changed Reference Type https://github.com/apache/trafficserver/pull/10564 Vendor Advisory https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory Changed Reference Type https://github.com/bcdannyboy/CVE-2023-44487 Vendor Advisory https://github.com/bcdannyboy/CVE-2023-44487 Third Party Advisory Changed Reference Type https://github.com/caddyserver/caddy/issues/5877 Vendor Advisory https://github.com/caddyserver/caddy/issues/5877 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/dotnet/announcements/issues/277 Vendor Advisory https://github.com/dotnet/announcements/issues/277 Mitigation, Vendor Advisory Changed Reference Type https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Vendor Advisory https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory Changed Reference Type https://github.com/eclipse/jetty.project/issues/10679 Vendor Advisory https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/envoyproxy/envoy/pull/30055 Vendor Advisory https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory Changed Reference Type https://github.com/facebook/proxygen/pull/466 Vendor Advisory https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory Changed Reference Type https://github.com/golang/go/issues/63417 Vendor Advisory https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/grpc/grpc-go/pull/6703 Vendor Advisory https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory Changed Reference Type https://github.com/h2o/h2o/pull/3291 Vendor Advisory https://github.com/h2o/h2o/pull/3291 Patch Changed Reference Type https://github.com/haproxy/haproxy/issues/2312 Vendor Advisory https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Vendor Advisory https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory Changed Reference Type https://github.com/kubernetes/kubernetes/pull/121120 Vendor Advisory https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory Changed Reference Type https://github.com/micrictor/http2-rst-stream Vendor Advisory https://github.com/micrictor/http2-rst-stream Exploit, Third Party Advisory Changed Reference Type https://github.com/microsoft/CBL-Mariner/pull/6381 Vendor Advisory https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory Changed Reference Type https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Vendor Advisory https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory Changed Reference Type https://github.com/nghttp2/nghttp2/pull/1961 Vendor Advisory https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Vendor Advisory https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes Changed Reference Type https://github.com/opensearch-project/data-prepper/issues/3474 Vendor Advisory https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory Changed Reference Type https://github.com/oqtane/oqtane.framework/discussions/3367 Vendor Advisory https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory Changed Reference Type https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ No Types Assigned https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Third Party Advisory Changed Reference Type https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Vendor Advisory https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Third Party Advisory Changed Reference Type https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html No Types Assigned https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Third Party Advisory Changed Reference Type https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch Changed Reference Type https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Vendor Advisory https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Patch, Vendor Advisory Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Patch, Vendor Advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Mitigation, Patch, Vendor Advisory Changed Reference Type https://netty.io/news/2023/10/10/4-1-100-Final.html Vendor Advisory https://netty.io/news/2023/10/10/4-1-100-Final.html Release Notes, Vendor Advisory Changed Reference Type https://news.ycombinator.com/item?id=37830987 Third Party Advisory https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory Changed Reference Type https://news.ycombinator.com/item?id=37830998 Press/Media Coverage https://news.ycombinator.com/item?id=37830998 Issue Tracking, Press/Media Coverage Changed Reference Type https://news.ycombinator.com/item?id=37831062 Third Party Advisory https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory Changed Reference Type https://security.netapp.com/advisory/ntap-20231016-0001/ No Types Assigned https://security.netapp.com/advisory/ntap-20231016-0001/ Third Party Advisory Changed Reference Type https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Vendor Advisory https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory Changed Reference Type https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Vendor Advisory https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Mitigation, Vendor Advisory Added CPE Configuration OR *cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:* versions up to (excluding) 1.57.0 Added CPE Configuration OR *cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.100 Added CPE Configuration OR *cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:* *cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:* *cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:* *cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions up to (excluding) 9.4.53 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 10.0.0 up to (excluding) 10.0.17 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (excluding) 11.0.17 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 12.0.0 up to (excluding) 12.0.2 Added CPE Configuration OR *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.7 Added CPE Configuration OR *cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.10 *cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* versions from (including) 1.21.0 up to (excluding) 1.21.3 *cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:* versions up to (excluding) 0.17.0 *cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:* versions up to (excluding) 0.17.0 Added CPE Configuration OR *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:* versions from (including) 1.5.0 up to (including) 1.8.2 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* versions from (including) 1.9.5 up to (including) 1.25.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.4.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (including) 3.3.0 *cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* versions from (including) r25 up to (excluding) r29 *cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:* *cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0 up to (including) 8.5.93 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (including) 9.0.80 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 10.1.0 up to (including) 10.1.13 *cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:apple:swiftnio_http\/2:*:*:*:*:*:swift:*:* versions up to (excluding) 1.28.0 Added CPE Configuration OR *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:* *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3 Added CPE Configuration OR *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions up to (excluding) 21.0.0 Added CPE Configuration OR *cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-11 Added CPE Configuration OR *cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-10 Added CPE Configuration OR *cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:* versions up to (excluding) 2023.10.16.00 Added CPE Configuration OR *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3 Added CPE Configuration OR *cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.0 -
CVE Modified by [email protected]
Oct. 17, 2023
Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html [No Types Assigned] -
CVE Modified by [email protected]
Oct. 16, 2023
Action Type Old Value New Value Added Reference https://security.netapp.com/advisory/ntap-20231016-0001/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 16, 2023
Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html [No Types Assigned] -
CVE Modified by [email protected]
Oct. 15, 2023
Action Type Old Value New Value Added Reference https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 15, 2023
Action Type Old Value New Value Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 14, 2023
Action Type Old Value New Value Added Reference https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html [No Types Assigned] Added Reference https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 13, 2023
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2023/10/13/9 [No Types Assigned] -
Initial Analysis by [email protected]
Oct. 13, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/13/4 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List, Third Party Advisory Changed Reference Type https://access.redhat.com/security/cve/cve-2023-44487 No Types Assigned https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory Changed Reference Type https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ No Types Assigned https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Vendor Advisory Changed Reference Type https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ No Types Assigned https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description, Vendor Advisory Changed Reference Type https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ No Types Assigned https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Vendor Advisory Changed Reference Type https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ No Types Assigned https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory Changed Reference Type https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack No Types Assigned https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Vendor Advisory Changed Reference Type https://blog.vespa.ai/cve-2023-44487/ No Types Assigned https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory Changed Reference Type https://bugzilla.proxmox.com/show_bug.cgi?id=4988 No Types Assigned https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking Changed Reference Type https://bugzilla.redhat.com/show_bug.cgi?id=2242803 No Types Assigned https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking, Vendor Advisory Changed Reference Type https://bugzilla.suse.com/show_bug.cgi?id=1216123 No Types Assigned https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking Changed Reference Type https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 No Types Assigned https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Patch Changed Reference Type https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ No Types Assigned https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description, Vendor Advisory Changed Reference Type https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack No Types Assigned https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description, Vendor Advisory Changed Reference Type https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 No Types Assigned https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory Changed Reference Type https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve No Types Assigned https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Vendor Advisory Changed Reference Type https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 No Types Assigned https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory Changed Reference Type https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 No Types Assigned https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Vendor Advisory Changed Reference Type https://github.com/advisories/GHSA-qppj-fm5r-hxr3 No Types Assigned https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/advisories/GHSA-vx74-f528-fxqg No Types Assigned https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory Changed Reference Type https://github.com/advisories/GHSA-xpw8-rcwv-8f8p No Types Assigned https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Vendor Advisory Changed Reference Type https://github.com/akka/akka-http/issues/4323 No Types Assigned https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/alibaba/tengine/issues/1872 No Types Assigned https://github.com/alibaba/tengine/issues/1872 Vendor Advisory Changed Reference Type https://github.com/apache/apisix/issues/10320 No Types Assigned https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 No Types Assigned https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Vendor Advisory Changed Reference Type https://github.com/apache/httpd-site/pull/10 No Types Assigned https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 No Types Assigned https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Vendor Advisory Changed Reference Type https://github.com/apache/trafficserver/pull/10564 No Types Assigned https://github.com/apache/trafficserver/pull/10564 Vendor Advisory Changed Reference Type https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 No Types Assigned https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/Azure/AKS/issues/3947 No Types Assigned https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/bcdannyboy/CVE-2023-44487 No Types Assigned https://github.com/bcdannyboy/CVE-2023-44487 Vendor Advisory Changed Reference Type https://github.com/caddyserver/caddy/issues/5877 No Types Assigned https://github.com/caddyserver/caddy/issues/5877 Vendor Advisory Changed Reference Type https://github.com/caddyserver/caddy/releases/tag/v2.7.5 No Types Assigned https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/dotnet/announcements/issues/277 No Types Assigned https://github.com/dotnet/announcements/issues/277 Vendor Advisory Changed Reference Type https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 No Types Assigned https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Vendor Advisory Changed Reference Type https://github.com/eclipse/jetty.project/issues/10679 No Types Assigned https://github.com/eclipse/jetty.project/issues/10679 Vendor Advisory Changed Reference Type https://github.com/envoyproxy/envoy/pull/30055 No Types Assigned https://github.com/envoyproxy/envoy/pull/30055 Vendor Advisory Changed Reference Type https://github.com/etcd-io/etcd/issues/16740 No Types Assigned https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/facebook/proxygen/pull/466 No Types Assigned https://github.com/facebook/proxygen/pull/466 Vendor Advisory Changed Reference Type https://github.com/golang/go/issues/63417 No Types Assigned https://github.com/golang/go/issues/63417 Vendor Advisory Changed Reference Type https://github.com/grpc/grpc-go/pull/6703 No Types Assigned https://github.com/grpc/grpc-go/pull/6703 Vendor Advisory Changed Reference Type https://github.com/h2o/h2o/pull/3291 No Types Assigned https://github.com/h2o/h2o/pull/3291 Vendor Advisory Changed Reference Type https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf No Types Assigned https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory Changed Reference Type https://github.com/haproxy/haproxy/issues/2312 No Types Assigned https://github.com/haproxy/haproxy/issues/2312 Vendor Advisory Changed Reference Type https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 No Types Assigned https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Vendor Advisory Changed Reference Type https://github.com/junkurihara/rust-rpxy/issues/97 No Types Assigned https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 No Types Assigned https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 No Types Assigned https://github.com/kazu-yamamoto/http2/issues/93 Vendor Advisory Changed Reference Type https://github.com/Kong/kong/discussions/11741 No Types Assigned https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/kubernetes/kubernetes/pull/121120 No Types Assigned https://github.com/kubernetes/kubernetes/pull/121120 Vendor Advisory Changed Reference Type https://github.com/line/armeria/pull/5232 No Types Assigned https://github.com/line/armeria/pull/5232 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 No Types Assigned https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory Changed Reference Type https://github.com/micrictor/http2-rst-stream No Types Assigned https://github.com/micrictor/http2-rst-stream Vendor Advisory Changed Reference Type https://github.com/microsoft/CBL-Mariner/pull/6381 No Types Assigned https://github.com/microsoft/CBL-Mariner/pull/6381 Vendor Advisory Changed Reference Type https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 No Types Assigned https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Vendor Advisory Changed Reference Type https://github.com/nghttp2/nghttp2/pull/1961 No Types Assigned https://github.com/nghttp2/nghttp2/pull/1961 Vendor Advisory Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 No Types Assigned https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Vendor Advisory Changed Reference Type https://github.com/ninenines/cowboy/issues/1615 No Types Assigned https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/nodejs/node/pull/50121 No Types Assigned https://github.com/nodejs/node/pull/50121 Vendor Advisory Changed Reference Type https://github.com/openresty/openresty/issues/930 No Types Assigned https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/opensearch-project/data-prepper/issues/3474 No Types Assigned https://github.com/opensearch-project/data-prepper/issues/3474 Vendor Advisory Changed Reference Type https://github.com/oqtane/oqtane.framework/discussions/3367 No Types Assigned https://github.com/oqtane/oqtane.framework/discussions/3367 Vendor Advisory Changed Reference Type https://github.com/projectcontour/contour/pull/5826 No Types Assigned https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/tempesta-tech/tempesta/issues/1986 No Types Assigned https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory Changed Reference Type https://github.com/varnishcache/varnish-cache/issues/3996 No Types Assigned https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory Changed Reference Type https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo No Types Assigned https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Vendor Advisory Changed Reference Type https://istio.io/latest/news/security/istio-security-2023-004/ No Types Assigned https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory Changed Reference Type https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q No Types Assigned https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Vendor Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Vendor Advisory Changed Reference Type https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html No Types Assigned https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List Changed Reference Type https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html No Types Assigned https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Vendor Advisory Changed Reference Type https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ No Types Assigned https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Vendor Advisory Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Patch, Vendor Advisory Changed Reference Type https://my.f5.com/manage/s/article/K000137106 No Types Assigned https://my.f5.com/manage/s/article/K000137106 Vendor Advisory Changed Reference Type https://netty.io/news/2023/10/10/4-1-100-Final.html No Types Assigned https://netty.io/news/2023/10/10/4-1-100-Final.html Vendor Advisory Changed Reference Type https://news.ycombinator.com/item?id=37830987 No Types Assigned https://news.ycombinator.com/item?id=37830987 Third Party Advisory Changed Reference Type https://news.ycombinator.com/item?id=37830998 No Types Assigned https://news.ycombinator.com/item?id=37830998 Press/Media Coverage Changed Reference Type https://news.ycombinator.com/item?id=37831062 No Types Assigned https://news.ycombinator.com/item?id=37831062 Third Party Advisory Changed Reference Type https://news.ycombinator.com/item?id=37837043 No Types Assigned https://news.ycombinator.com/item?id=37837043 Third Party Advisory Changed Reference Type https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ No Types Assigned https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Third Party Advisory Changed Reference Type https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected No Types Assigned https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Third Party Advisory Changed Reference Type https://security.paloaltonetworks.com/CVE-2023-44487 No Types Assigned https://security.paloaltonetworks.com/CVE-2023-44487 Vendor Advisory Changed Reference Type https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 No Types Assigned https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Vendor Advisory Changed Reference Type https://ubuntu.com/security/CVE-2023-44487 No Types Assigned https://ubuntu.com/security/CVE-2023-44487 Vendor Advisory Changed Reference Type https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ No Types Assigned https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Third Party Advisory Changed Reference Type https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 No Types Assigned https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Third Party Advisory, US Government Resource Changed Reference Type https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event No Types Assigned https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage Changed Reference Type https://www.debian.org/security/2023/dsa-5521 No Types Assigned https://www.debian.org/security/2023/dsa-5521 Vendor Advisory Changed Reference Type https://www.debian.org/security/2023/dsa-5522 No Types Assigned https://www.debian.org/security/2023/dsa-5522 Vendor Advisory Changed Reference Type https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 No Types Assigned https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Vendor Advisory Changed Reference Type https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ No Types Assigned https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Vendor Advisory Changed Reference Type https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ No Types Assigned https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Vendor Advisory Changed Reference Type https://www.openwall.com/lists/oss-security/2023/10/10/6 No Types Assigned https://www.openwall.com/lists/oss-security/2023/10/10/6 Mailing List, Third Party Advisory Changed Reference Type https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack No Types Assigned https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Press/Media Coverage Changed Reference Type https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ No Types Assigned https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage Added CWE NIST CWE-400 Added CPE Configuration OR *cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:* -
CVE Modified by [email protected]
Oct. 13, 2023
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2023/10/13/4 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 13, 2023
Action Type Old Value New Value Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html [No Types Assigned] -
CVE Modified by [email protected]
Oct. 13, 2023
Action Type Old Value New Value Added Reference https://github.com/caddyserver/caddy/releases/tag/v2.7.5 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 12, 2023
Action Type Old Value New Value Added Reference https://github.com/akka/akka-http/issues/4323 [No Types Assigned] Added Reference https://github.com/apache/apisix/issues/10320 [No Types Assigned] Added Reference https://github.com/openresty/openresty/issues/930 [No Types Assigned] Added Reference https://github.com/Azure/AKS/issues/3947 [No Types Assigned] Added Reference https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 [No Types Assigned] Added Reference https://security.paloaltonetworks.com/CVE-2023-44487 [No Types Assigned] Added Reference https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ [No Types Assigned] Added Reference https://github.com/Kong/kong/discussions/11741 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 11, 2023
Action Type Old Value New Value Added Reference https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ [No Types Assigned] -
CVE Modified by [email protected]
Oct. 11, 2023
Action Type Old Value New Value Added Reference https://github.com/apache/httpd-site/pull/10 [No Types Assigned] Added Reference https://github.com/line/armeria/pull/5232 [No Types Assigned] Added Reference https://github.com/projectcontour/contour/pull/5826 [No Types Assigned] Added Reference https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 11, 2023
Action Type Old Value New Value Added Reference https://blog.vespa.ai/cve-2023-44487/ [No Types Assigned] Added Reference https://github.com/tempesta-tech/tempesta/issues/1986 [No Types Assigned] Added Reference https://ubuntu.com/security/CVE-2023-44487 [No Types Assigned] Added Reference https://access.redhat.com/security/cve/cve-2023-44487 [No Types Assigned] Added Reference https://github.com/junkurihara/rust-rpxy/issues/97 [No Types Assigned] Added Reference https://istio.io/latest/news/security/istio-security-2023-004/ [No Types Assigned] Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2242803 [No Types Assigned] Added Reference https://github.com/etcd-io/etcd/issues/16740 [No Types Assigned] Added Reference https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 [No Types Assigned] Added Reference https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event [No Types Assigned] Added Reference https://github.com/advisories/GHSA-qppj-fm5r-hxr3 [No Types Assigned] Added Reference https://bugzilla.suse.com/show_bug.cgi?id=1216123 [No Types Assigned] Added Reference https://github.com/ninenines/cowboy/issues/1615 [No Types Assigned] Added Reference https://github.com/varnishcache/varnish-cache/issues/3996 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 11, 2023
Action Type Old Value New Value Added Reference https://www.debian.org/security/2023/dsa-5522 [No Types Assigned] Added Reference https://www.debian.org/security/2023/dsa-5521 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 11, 2023
Action Type Old Value New Value Added Reference https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 [No Types Assigned] Added Reference https://github.com/kazu-yamamoto/http2/issues/93 [No Types Assigned] Added Reference https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html [No Types Assigned] Added Reference https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 11, 2023
Action Type Old Value New Value Added Reference https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack [No Types Assigned] Added Reference https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ [No Types Assigned] Added Reference https://news.ycombinator.com/item?id=37837043 [No Types Assigned] Added Reference https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 11, 2023
Action Type Old Value New Value Added Reference https://github.com/kubernetes/kubernetes/pull/121120 [No Types Assigned] Added Reference https://github.com/oqtane/oqtane.framework/discussions/3367 [No Types Assigned] Added Reference https://github.com/opensearch-project/data-prepper/issues/3474 [No Types Assigned] Added Reference https://github.com/advisories/GHSA-xpw8-rcwv-8f8p [No Types Assigned] Added Reference https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 [No Types Assigned] Added Reference https://netty.io/news/2023/10/10/4-1-100-Final.html [No Types Assigned] -
CVE Modified by [email protected]
Oct. 10, 2023
Action Type Old Value New Value Added Reference https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 10, 2023
Action Type Old Value New Value Removed Reference https://github.com/hyperium/hyper/issues/3337 [No Types Assigned] Added Reference https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q [No Types Assigned] Added Reference https://www.openwall.com/lists/oss-security/2023/10/10/6 [No Types Assigned] Added Reference https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 [No Types Assigned] Added Reference https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected [No Types Assigned] -
CVE Modified by [email protected]
Oct. 10, 2023
Action Type Old Value New Value Added Reference https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 [No Types Assigned] Added Reference https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve [No Types Assigned] Added Reference https://github.com/micrictor/http2-rst-stream [No Types Assigned] Added Reference https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf [No Types Assigned] Added Reference https://github.com/dotnet/announcements/issues/277 [No Types Assigned] Added Reference https://github.com/apache/trafficserver/pull/10564 [No Types Assigned] Added Reference https://github.com/facebook/proxygen/pull/466 [No Types Assigned] Added Reference https://github.com/microsoft/CBL-Mariner/pull/6381 [No Types Assigned] Added Reference https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo [No Types Assigned] Added Reference https://github.com/nodejs/node/pull/50121 [No Types Assigned] Added Reference https://github.com/h2o/h2o/pull/3291 [No Types Assigned] Added Reference https://github.com/advisories/GHSA-vx74-f528-fxqg [No Types Assigned] Added Reference https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ [No Types Assigned] Added Reference https://github.com/golang/go/issues/63417 [No Types Assigned] Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 10, 2023
Action Type Old Value New Value Added Reference https://bugzilla.proxmox.com/show_bug.cgi?id=4988 [No Types Assigned] Added Reference https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ [No Types Assigned] Added Reference https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 10, 2023
Action Type Old Value New Value Added Reference https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 [No Types Assigned] Added Reference https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html [No Types Assigned] Added Reference https://my.f5.com/manage/s/article/K000137106 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 10, 2023
Action Type Old Value New Value Removed Reference https://chaos.social/@icing/111210915918780532 [No Types Assigned] Added Reference https://github.com/grpc/grpc-go/pull/6703 [No Types Assigned] Added Reference https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 [No Types Assigned] -
CVE Modified by [email protected]
Oct. 10, 2023
Action Type Old Value New Value Added Reference https://github.com/bcdannyboy/CVE-2023-44487 [No Types Assigned] Added Reference https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ [No Types Assigned] Added Reference https://github.com/eclipse/jetty.project/issues/10679 [No Types Assigned] Added Reference https://github.com/alibaba/tengine/issues/1872 [No Types Assigned] Added Reference https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 [No Types Assigned] Added Reference https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 [No Types Assigned] Added Reference https://github.com/nghttp2/nghttp2/pull/1961 [No Types Assigned] Added Reference https://news.ycombinator.com/item?id=37830987 [No Types Assigned] Added Reference https://news.ycombinator.com/item?id=37830998 [No Types Assigned] Added Reference https://github.com/envoyproxy/envoy/pull/30055 [No Types Assigned] Added Reference https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 [No Types Assigned] Added Reference https://github.com/caddyserver/caddy/issues/5877 [No Types Assigned] Added Reference https://github.com/haproxy/haproxy/issues/2312 [No Types Assigned] Added Reference https://github.com/hyperium/hyper/issues/3337 [No Types Assigned] Added Reference https://chaos.social/@icing/111210915918780532 [No Types Assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-44487
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-44487
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
80.09 }} -1.30%
score
0.98547
percentile