Known Exploited Vulnerability
7.5
HIGH
CVE-2023-44487
HTTP/2 Rapid Reset Attack Vulnerability - [Actively Exploited]
Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

INFO

Published Date :

Oct. 10, 2023, 2:15 p.m.

Last Modified :

Dec. 20, 2024, 5:40 p.m.

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Public PoC/Exploit Available at Github

CVE-2023-44487 has a 61 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2023-44487 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cisco ios_xe
2 Cisco expressway
3 Cisco telepresence_video_communication_server
4 Cisco nx-os
5 Cisco enterprise_chat_and_email
6 Cisco firepower_threat_defense
7 Cisco ios_xr
8 Cisco prime_access_registrar
9 Cisco data_center_network_manager
10 Cisco prime_infrastructure
11 Cisco unified_contact_center_enterprise
12 Cisco iot_field_network_director
13 Cisco prime_network_registrar
14 Cisco connected_mobile_experiences
15 Cisco unified_contact_center_management_portal
16 Cisco crosswork_data_gateway
17 Cisco crosswork_zero_touch_provisioning
18 Cisco nexus_3016q
19 Cisco nexus_3048
20 Cisco nexus_3064t
21 Cisco nexus_3064x
22 Cisco nexus_3548
23 Cisco prime_cable_provisioning
24 Cisco secure_dynamic_attributes_connector
25 Cisco secure_malware_analytics
26 Cisco ultra_cloud_core_-_policy_control_function
27 Cisco ultra_cloud_core_-_serving_gateway_function
28 Cisco ultra_cloud_core_-_session_management_function
29 Cisco unified_attendant_console_advanced
30 Cisco unified_contact_center_domain_manager
31 Cisco unified_contact_center_enterprise_-_live_data_server
32 Cisco fog_director
33 Cisco secure_web_appliance_firmware
34 Cisco secure_web_appliance
35 Cisco nexus_3016
36 Cisco nexus_3064
37 Cisco nexus_3064-32t
38 Cisco nexus_3064-t
39 Cisco nexus_3064-x
40 Cisco nexus_3100
41 Cisco nexus_3100-v
42 Cisco nexus_3100-z
43 Cisco nexus_3100v
44 Cisco nexus_31108pc-v
45 Cisco nexus_31108pv-v
46 Cisco nexus_31108tc-v
47 Cisco nexus_31128pq
48 Cisco nexus_3132c-z
49 Cisco nexus_3132q
50 Cisco nexus_3132q-v
51 Cisco nexus_3132q-x
52 Cisco nexus_3132q-x\/3132q-xl
53 Cisco nexus_3132q-xl
54 Cisco nexus_3164q
55 Cisco nexus_3172
56 Cisco nexus_3172pq
57 Cisco nexus_3172pq-xl
58 Cisco nexus_3172pq\/pq-xl
59 Cisco nexus_3172tq
60 Cisco nexus_3172tq-32t
61 Cisco nexus_3172tq-xl
62 Cisco nexus_3200
63 Cisco nexus_3232
64 Cisco nexus_3232c
65 Cisco nexus_3232c_
66 Cisco nexus_3264c-e
67 Cisco nexus_3264q
68 Cisco nexus_3400
69 Cisco nexus_3408-s
70 Cisco nexus_34180yc
71 Cisco nexus_34200yc-sm
72 Cisco nexus_3432d-s
73 Cisco nexus_3464c
74 Cisco nexus_3500
75 Cisco nexus_3524
76 Cisco nexus_3524-x
77 Cisco nexus_3524-x\/xl
78 Cisco nexus_3524-xl
79 Cisco nexus_3548-x
80 Cisco nexus_3548-x\/xl
81 Cisco nexus_3548-xl
82 Cisco nexus_3600
83 Cisco nexus_36180yc-r
84 Cisco nexus_3636c-r
85 Cisco nexus_9000v
86 Cisco nexus_9200
87 Cisco nexus_9200yc
88 Cisco nexus_92160yc-x
89 Cisco nexus_92160yc_switch
90 Cisco nexus_9221c
91 Cisco nexus_92300yc
92 Cisco nexus_92300yc_switch
93 Cisco nexus_92304qc
94 Cisco nexus_92304qc_switch
95 Cisco nexus_9232e
96 Cisco nexus_92348gc-x
97 Cisco nexus_9236c
98 Cisco nexus_9236c_switch
99 Cisco nexus_9272q
100 Cisco nexus_9272q_switch
101 Cisco nexus_9300
102 Cisco nexus_93108tc-ex
103 Cisco nexus_93108tc-ex-24
104 Cisco nexus_93108tc-ex_switch
105 Cisco nexus_93108tc-fx
106 Cisco nexus_93108tc-fx-24
107 Cisco nexus_93108tc-fx3h
108 Cisco nexus_93108tc-fx3p
109 Cisco nexus_93120tx
110 Cisco nexus_93120tx_switch
111 Cisco nexus_93128
112 Cisco nexus_93128tx
113 Cisco nexus_93128tx_switch
114 Cisco nexus_9316d-gx
115 Cisco nexus_93180lc-ex
116 Cisco nexus_93180lc-ex_switch
117 Cisco nexus_93180tc-ex
118 Cisco nexus_93180yc-ex
119 Cisco nexus_93180yc-ex-24
120 Cisco nexus_93180yc-ex_switch
121 Cisco nexus_93180yc-fx
122 Cisco nexus_93180yc-fx-24
123 Cisco nexus_93180yc-fx3
124 Cisco nexus_93180yc-fx3h
125 Cisco nexus_93180yc-fx3s
126 Cisco nexus_93216tc-fx2
127 Cisco nexus_93240tc-fx2
128 Cisco nexus_93240yc-fx2
129 Cisco nexus_9332c
130 Cisco nexus_9332d-gx2b
131 Cisco nexus_9332d-h2r
132 Cisco nexus_9332pq
133 Cisco nexus_9332pq_switch
134 Cisco nexus_93360yc-fx2
135 Cisco nexus_9336c-fx2
136 Cisco nexus_9336c-fx2-e
137 Cisco nexus_9336pq
138 Cisco nexus_9336pq_aci
139 Cisco nexus_9336pq_aci_spine
140 Cisco nexus_9336pq_aci_spine_switch
141 Cisco nexus_9348d-gx2a
142 Cisco nexus_9348gc-fx3
143 Cisco nexus_9348gc-fxp
144 Cisco nexus_93600cd-gx
145 Cisco nexus_9364c
146 Cisco nexus_9364c-gx
147 Cisco nexus_9364d-gx2a
148 Cisco nexus_9372px
149 Cisco nexus_9372px-e
150 Cisco nexus_9372px-e_switch
151 Cisco nexus_9372px_switch
152 Cisco nexus_9372tx
153 Cisco nexus_9372tx-e
154 Cisco nexus_9372tx-e_switch
155 Cisco nexus_9372tx_switch
156 Cisco nexus_9396px
157 Cisco nexus_9396px_switch
158 Cisco nexus_9396tx
159 Cisco nexus_9396tx_switch
160 Cisco nexus_9408
161 Cisco nexus_9432pq
162 Cisco nexus_9500
163 Cisco nexus_9500_16-slot
164 Cisco nexus_9500_4-slot
165 Cisco nexus_9500_8-slot
166 Cisco nexus_9500_supervisor_a
167 Cisco nexus_9500_supervisor_a\+
168 Cisco nexus_9500_supervisor_b
169 Cisco nexus_9500_supervisor_b\+
170 Cisco nexus_9500r
171 Cisco nexus_9504
172 Cisco nexus_9504_switch
173 Cisco nexus_9508
174 Cisco nexus_9508_switch
175 Cisco nexus_9516
176 Cisco nexus_9516_switch
177 Cisco nexus_9536pq
178 Cisco nexus_9636pq
179 Cisco nexus_9716d-gx
180 Cisco nexus_9736pq
181 Cisco nexus_9800
182 Cisco nexus_9804
183 Cisco nexus_9808
1 Redhat enterprise_linux
2 Redhat openshift_container_platform
3 Redhat satellite
4 Redhat ceph_storage
5 Redhat openshift
6 Redhat jboss_data_grid
7 Redhat jboss_enterprise_application_platform
8 Redhat decision_manager
9 Redhat single_sign-on
10 Redhat jboss_core_services
11 Redhat openstack_platform
12 Redhat openshift_service_mesh
13 Redhat jboss_fuse
14 Redhat jboss_a-mq
15 Redhat process_automation
16 Redhat build_of_quarkus
17 Redhat integration_camel_k
18 Redhat integration_service_registry
19 Redhat advanced_cluster_management_for_kubernetes
20 Redhat quay
21 Redhat openshift_data_science
22 Redhat build_of_optaplanner
23 Redhat openshift_serverless
24 Redhat openshift_virtualization
25 Redhat integration_camel_for_spring_boot
26 Redhat migration_toolkit_for_applications
27 Redhat ansible_automation_platform
28 Redhat 3scale_api_management_platform
29 Redhat advanced_cluster_security
30 Redhat service_interconnect
31 Redhat openshift_gitops
32 Redhat openshift_pipelines
33 Redhat openshift_developer_tools_and_services
34 Redhat openshift_api_for_data_protection
35 Redhat openshift_dev_spaces
36 Redhat cert-manager_operator_for_red_hat_openshift
37 Redhat certification_for_red_hat_enterprise_linux
38 Redhat cost_management
39 Redhat cryostat
40 Redhat fence_agents_remediation_operator
41 Redhat jboss_a-mq_streams
42 Redhat logging_subsystem_for_red_hat_openshift
43 Redhat machine_deletion_remediation_operator
44 Redhat migration_toolkit_for_containers
45 Redhat migration_toolkit_for_virtualization
46 Redhat network_observability_operator
47 Redhat node_healthcheck_operator
48 Redhat node_maintenance_operator
49 Redhat openshift_container_platform_assisted_installer
50 Redhat openshift_distributed_tracing
51 Redhat openshift_sandboxed_containers
52 Redhat openshift_secondary_scheduler_operator
53 Redhat run_once_duration_override_operator
54 Redhat self_node_remediation_operator
55 Redhat support_for_spring_boot
56 Redhat web_terminal
57 Redhat service_telemetry_framework
1 F5 big-ip_access_policy_manager
2 F5 big-ip_advanced_firewall_manager
3 F5 big-ip_analytics
4 F5 big-ip_application_acceleration_manager
5 F5 big-ip_application_security_manager
6 F5 big-ip_domain_name_system
7 F5 big-ip_fraud_protection_service
8 F5 big-ip_global_traffic_manager
9 F5 big-ip_link_controller
10 F5 big-ip_local_traffic_manager
11 F5 big-ip_policy_enforcement_manager
12 F5 big-ip_advanced_web_application_firewall
13 F5 big-ip_ddos_hybrid_defender
14 F5 big-ip_ssl_orchestrator
15 F5 big-ip_websafe
16 F5 big-ip_webaccelerator
17 F5 big-ip_carrier-grade_nat
18 F5 nginx
19 F5 big-ip_application_visibility_and_reporting
20 F5 big-ip_next_service_proxy_for_kubernetes
21 F5 nginx_ingress_controller
22 F5 nginx_plus
23 F5 big-ip_next
1 Microsoft windows_server_2016
2 Microsoft asp.net_core
3 Microsoft windows_server_2019
4 Microsoft windows_10_1607
5 Microsoft windows_10_1809
6 Microsoft windows_10_21h2
7 Microsoft windows_10_22h2
8 Microsoft windows_server_2022
9 Microsoft windows_11_21h2
10 Microsoft windows_11_22h2
11 Microsoft .net
12 Microsoft azure_kubernetes_service
13 Microsoft visual_studio_2022
14 Microsoft cbl-mariner
1 Apache traffic_server
2 Apache solr
3 Apache tomcat
4 Apache apisix
1 Golang go
2 Golang networking
3 Golang http2
1 Netapp oncommand_insight
2 Netapp astra_control_center
1 Netty netty
1 Fedoraproject fedora
1 Debian debian_linux
1 Envoyproxy envoy
1 Istio istio
1 Nodejs node.js
1 Jenkins jenkins
1 Eclipse jetty
1 Varnish_cache_project varnish_cache
1 Grpc grpc
1 Traefik traefik
1 Nghttp2 nghttp2
1 Dena h2o
1 Linecorp armeria
1 Akka http_server
1 Facebook proxygen
1 Projectcontour contour
1 Caddyserver caddy
1 Openresty openresty
1 Konghq kong_gateway
1 Apple swiftnio_http\/2
1 Ietf http
1 Amazon opensearch_data_prepper
1 Kazu-yamamoto http2
1 Linkerd linkerd
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-44487.

URL Resource
http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/9 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/19/6 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8 Mailing List
https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Press/Media Coverage Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Third Party Advisory
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage Third Party Advisory
https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List Patch
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Third Party Advisory
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description Third Party Advisory
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Issue Tracking
https://github.com/Azure/AKS/issues/3947 Issue Tracking
https://github.com/Kong/kong/discussions/11741 Issue Tracking
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Vendor Advisory
https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Patch Vendor Advisory
https://github.com/akka/akka-http/issues/4323 Issue Tracking
https://github.com/alibaba/tengine/issues/1872 Issue Tracking
https://github.com/apache/apisix/issues/10320 Issue Tracking
https://github.com/apache/httpd-site/pull/10 Issue Tracking
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product Third Party Advisory
https://github.com/apache/trafficserver/pull/10564 Issue Tracking Patch
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Vendor Advisory
https://github.com/bcdannyboy/CVE-2023-44487 Third Party Advisory
https://github.com/caddyserver/caddy/issues/5877 Issue Tracking
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes
https://github.com/dotnet/announcements/issues/277 Issue Tracking Mitigation
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product Release Notes
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking
https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking Patch
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking Patch
https://github.com/facebook/proxygen/pull/466 Issue Tracking Patch
https://github.com/golang/go/issues/63417 Issue Tracking
https://github.com/grpc/grpc-go/pull/6703 Issue Tracking Patch
https://github.com/h2o/h2o/pull/3291 Issue Tracking
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
https://github.com/kubernetes/kubernetes/pull/121120 Patch
https://github.com/line/armeria/pull/5232 Issue Tracking Patch
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch
https://github.com/micrictor/http2-rst-stream Exploit Third Party Advisory
https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch
https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking Patch
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking
https://github.com/nodejs/node/pull/50121 Issue Tracking
https://github.com/openresty/openresty/issues/930 Issue Tracking
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking Patch
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking
https://github.com/projectcontour/contour/pull/5826 Issue Tracking Patch
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Mailing List Release Notes
https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Vendor Advisory
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List Third Party Advisory
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List Third Party Advisory
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List Patch
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Third Party Advisory
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Patch Vendor Advisory
https://my.f5.com/manage/s/article/K000137106 Vendor Advisory
https://netty.io/news/2023/10/10/4-1-100-Final.html Release Notes
https://news.ycombinator.com/item?id=37830987 Issue Tracking
https://news.ycombinator.com/item?id=37830998 Issue Tracking
https://news.ycombinator.com/item?id=37831062 Issue Tracking
https://news.ycombinator.com/item?id=37837043 Issue Tracking
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Third Party Advisory
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Third Party Advisory
https://security.gentoo.org/glsa/202311-09 Third Party Advisory
https://security.netapp.com/advisory/ntap-20231016-0001/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240426-0007/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/ Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0007/ Third Party Advisory
https://security.paloaltonetworks.com/CVE-2023-44487 Vendor Advisory
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes
https://ubuntu.com/security/CVE-2023-44487 Vendor Advisory
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Third Party Advisory US Government Resource
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage Third Party Advisory
https://www.debian.org/security/2023/dsa-5521 Mailing List
https://www.debian.org/security/2023/dsa-5522 Mailing List
https://www.debian.org/security/2023/dsa-5540 Mailing List
https://www.debian.org/security/2023/dsa-5549 Mailing List
https://www.debian.org/security/2023/dsa-5558 Mailing List
https://www.debian.org/security/2023/dsa-5570 Third Party Advisory
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Third Party Advisory
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Vendor Advisory
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Mitigation
https://www.openwall.com/lists/oss-security/2023/10/10/6 Mailing List Third Party Advisory
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Press/Media Coverage
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/9 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/19/6 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8 Mailing List
https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Press/Media Coverage Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description Vendor Advisory
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Vendor Advisory
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage Third Party Advisory
https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking Vendor Advisory
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List Patch Vendor Advisory
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description Vendor Advisory
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description Vendor Advisory
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Third Party Advisory
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description Third Party Advisory
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Patch
https://github.com/Azure/AKS/issues/3947 Issue Tracking
https://github.com/Kong/kong/discussions/11741 Issue Tracking
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Vendor Advisory
https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation Patch
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Patch Vendor Advisory
https://github.com/akka/akka-http/issues/4323 Issue Tracking
https://github.com/alibaba/tengine/issues/1872 Issue Tracking
https://github.com/apache/apisix/issues/10320 Issue Tracking
https://github.com/apache/httpd-site/pull/10 Issue Tracking
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product
https://github.com/apache/trafficserver/pull/10564 Issue Tracking Patch
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Vendor Advisory
https://github.com/bcdannyboy/CVE-2023-44487 Third Party Advisory
https://github.com/caddyserver/caddy/issues/5877 Issue Tracking Vendor Advisory
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes Third Party Advisory
https://github.com/dotnet/announcements/issues/277 Mitigation Vendor Advisory
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Release Notes
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking
https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking Patch
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking Patch
https://github.com/facebook/proxygen/pull/466 Issue Tracking Patch
https://github.com/golang/go/issues/63417 Issue Tracking
https://github.com/grpc/grpc-go/pull/6703 Issue Tracking Patch
https://github.com/h2o/h2o/pull/3291 Issue Tracking Patch
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
https://github.com/kubernetes/kubernetes/pull/121120 Issue Tracking Patch
https://github.com/line/armeria/pull/5232 Issue Tracking Patch
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch
https://github.com/micrictor/http2-rst-stream Exploit Third Party Advisory
https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking Patch
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch
https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking Patch
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking
https://github.com/nodejs/node/pull/50121 Issue Tracking
https://github.com/openresty/openresty/issues/930 Issue Tracking
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking Patch
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking
https://github.com/projectcontour/contour/pull/5826 Issue Tracking Patch
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Mailing List Vendor Advisory
https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Vendor Advisory
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List Third Party Advisory
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List Patch Third Party Advisory
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Third Party Advisory
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Mitigation Patch Vendor Advisory
https://my.f5.com/manage/s/article/K000137106 Vendor Advisory
https://netty.io/news/2023/10/10/4-1-100-Final.html Release Notes Vendor Advisory
https://news.ycombinator.com/item?id=37830987 Issue Tracking
https://news.ycombinator.com/item?id=37830998 Issue Tracking Press/Media Coverage
https://news.ycombinator.com/item?id=37831062 Issue Tracking
https://news.ycombinator.com/item?id=37837043 Issue Tracking
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Third Party Advisory
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Third Party Advisory
https://security.gentoo.org/glsa/202311-09 Third Party Advisory
https://security.netapp.com/advisory/ntap-20231016-0001/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240426-0007/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0007/ Third Party Advisory
https://security.paloaltonetworks.com/CVE-2023-44487 Vendor Advisory
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes
https://ubuntu.com/security/CVE-2023-44487 Vendor Advisory
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Third Party Advisory US Government Resource
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage Third Party Advisory
https://www.debian.org/security/2023/dsa-5521 Vendor Advisory
https://www.debian.org/security/2023/dsa-5522 Vendor Advisory
https://www.debian.org/security/2023/dsa-5540 Third Party Advisory
https://www.debian.org/security/2023/dsa-5549 Third Party Advisory
https://www.debian.org/security/2023/dsa-5558 Third Party Advisory
https://www.debian.org/security/2023/dsa-5570 Third Party Advisory
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Vendor Advisory
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Vendor Advisory
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Mitigation Vendor Advisory
https://www.openwall.com/lists/oss-security/2023/10/10/6 Mailing List Third Party Advisory
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Press/Media Coverage
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage Third Party Advisory
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

H2-Rapid Reset Client for stress testing.

JavaScript

Updated: 1 week, 4 days ago
0 stars 0 fork 0 watcher
Born at : Dec. 19, 2024, 2:33 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 3 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : Dec. 3, 2024, 2:54 p.m. This repo has been linked 1 different CVEs too.

None

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : Nov. 25, 2024, 11:44 a.m. This repo has been linked 1 different CVEs too.

Задание по DevSecOps второе задание

Updated: 1 month, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 8:20 p.m. This repo has been linked 92 different CVEs too.

Indra is a powerful, versatile, and user-friendly Python-based network scanning and vulnerability assessment tool.

Python

Updated: 2 months ago
0 stars 0 fork 0 watcher
Born at : Oct. 23, 2024, 1:10 p.m. This repo has been linked 3 different CVEs too.

Learn about 'How to check and prevent Docker's security vulnerability'

Dockerfile Java

Updated: 3 months ago
0 stars 1 fork 1 watcher
Born at : Sept. 25, 2024, 2:31 a.m. This repo has been linked 19 different CVEs too.

None

Makefile Dockerfile Go

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : Sept. 24, 2024, 1:37 p.m. This repo has been linked 3 different CVEs too.

None

Shell

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : Aug. 2, 2024, 7:36 p.m. This repo has been linked 1 different CVEs too.

практика

Updated: 4 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Aug. 1, 2024, 11:31 a.m. This repo has been linked 1 different CVEs too.

Some information about the process of CVE recurrence

Updated: 4 months, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : July 19, 2024, 12:30 p.m. This repo has been linked 4 different CVEs too.

None

Updated: 4 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 5, 2024, 2:18 p.m. This repo has been linked 41 different CVEs too.

None

Python JavaScript

Updated: 7 months ago
0 stars 0 fork 0 watcher
Born at : May 29, 2024, 8:03 p.m. This repo has been linked 1 different CVEs too.

None

Dockerfile Go

Updated: 7 months ago
0 stars 0 fork 0 watcher
Born at : May 29, 2024, 6:54 p.m. This repo has been linked 78 different CVEs too.

None

Updated: 7 months ago
0 stars 0 fork 0 watcher
Born at : May 26, 2024, 1:01 p.m. This repo has been linked 1 different CVEs too.

Latest CVEs with their Proof of Concept exploits.

Python

Updated: 3 weeks, 3 days ago
11 stars 2 fork 2 watcher
Born at : May 24, 2024, 11:02 a.m. This repo has been linked 77 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-44487 vulnerability anywhere in the article.

  • security.nl
VS publiceert overzicht van meest misbruikte kwetsbaarheden in 2023

De Amerikaanse autoriteiten hebben samen met cyberagentschappen uit Australië, Canada, Nieuw-Zeeland en het Verenigd Koninkrijk een overzicht van de meest misbruikte kwetsbaarheden in 2023 opgesteld. ... Read more

Published Date: Nov 12, 2024 (1 month, 2 weeks ago)

The following table lists the changes that have been made to the CVE-2023-44487 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Dec. 20, 2024

    Action Type Old Value New Value
    Changed Reference Type https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Patch
    Changed Reference Type https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Patch
    Changed Reference Type https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch
    Changed Reference Type https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch
    Changed Reference Type https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory https://github.com/akka/akka-http/issues/4323 Issue Tracking
    Changed Reference Type https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory https://github.com/akka/akka-http/issues/4323 Issue Tracking
    Changed Reference Type https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory https://github.com/alibaba/tengine/issues/1872 Issue Tracking
    Changed Reference Type https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory https://github.com/alibaba/tengine/issues/1872 Issue Tracking
    Changed Reference Type https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory https://github.com/apache/apisix/issues/10320 Issue Tracking
    Changed Reference Type https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory https://github.com/apache/apisix/issues/10320 Issue Tracking
    Changed Reference Type https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory https://github.com/apache/httpd-site/pull/10 Issue Tracking
    Changed Reference Type https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory https://github.com/apache/httpd-site/pull/10 Issue Tracking
    Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
    Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
    Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product
    Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product
    Changed Reference Type https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory https://github.com/apache/trafficserver/pull/10564 Issue Tracking, Patch
    Changed Reference Type https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory https://github.com/apache/trafficserver/pull/10564 Issue Tracking, Patch
    Changed Reference Type https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory https://github.com/Azure/AKS/issues/3947 Issue Tracking
    Changed Reference Type https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory https://github.com/Azure/AKS/issues/3947 Issue Tracking
    Changed Reference Type https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Release Notes
    Changed Reference Type https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Release Notes
    Changed Reference Type https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking
    Changed Reference Type https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking
    Changed Reference Type https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking, Patch
    Changed Reference Type https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking, Patch
    Changed Reference Type https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch
    Changed Reference Type https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch
    Changed Reference Type https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory https://github.com/facebook/proxygen/pull/466 Issue Tracking, Patch
    Changed Reference Type https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory https://github.com/facebook/proxygen/pull/466 Issue Tracking, Patch
    Changed Reference Type https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory https://github.com/golang/go/issues/63417 Issue Tracking
    Changed Reference Type https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory https://github.com/golang/go/issues/63417 Issue Tracking
    Changed Reference Type https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory https://github.com/grpc/grpc-go/pull/6703 Issue Tracking, Patch
    Changed Reference Type https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory https://github.com/grpc/grpc-go/pull/6703 Issue Tracking, Patch
    Changed Reference Type https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory https://github.com/h2o/h2o/pull/3291 Issue Tracking, Patch
    Changed Reference Type https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory https://github.com/h2o/h2o/pull/3291 Issue Tracking, Patch
    Changed Reference Type https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory https://github.com/haproxy/haproxy/issues/2312 Issue Tracking
    Changed Reference Type https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory https://github.com/haproxy/haproxy/issues/2312 Issue Tracking
    Changed Reference Type https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product
    Changed Reference Type https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product
    Changed Reference Type https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking
    Changed Reference Type https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking
    Changed Reference Type https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
    Changed Reference Type https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
    Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
    Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
    Changed Reference Type https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory https://github.com/Kong/kong/discussions/11741 Issue Tracking
    Changed Reference Type https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory https://github.com/Kong/kong/discussions/11741 Issue Tracking
    Changed Reference Type https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory https://github.com/kubernetes/kubernetes/pull/121120 Issue Tracking, Patch
    Changed Reference Type https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory https://github.com/kubernetes/kubernetes/pull/121120 Issue Tracking, Patch
    Changed Reference Type https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory https://github.com/line/armeria/pull/5232 Issue Tracking, Patch
    Changed Reference Type https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory https://github.com/line/armeria/pull/5232 Issue Tracking, Patch
    Changed Reference Type https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch
    Changed Reference Type https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch
    Changed Reference Type https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking, Patch
    Changed Reference Type https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking, Patch
    Changed Reference Type https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch
    Changed Reference Type https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch
    Changed Reference Type https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking, Patch
    Changed Reference Type https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking, Patch
    Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
    Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
    Changed Reference Type https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory https://github.com/ninenines/cowboy/issues/1615 Issue Tracking
    Changed Reference Type https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory https://github.com/ninenines/cowboy/issues/1615 Issue Tracking
    Changed Reference Type https://github.com/nodejs/node/pull/50121 Vendor Advisory https://github.com/nodejs/node/pull/50121 Issue Tracking
    Changed Reference Type https://github.com/nodejs/node/pull/50121 Vendor Advisory https://github.com/nodejs/node/pull/50121 Issue Tracking
    Changed Reference Type https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory https://github.com/openresty/openresty/issues/930 Issue Tracking
    Changed Reference Type https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory https://github.com/openresty/openresty/issues/930 Issue Tracking
    Changed Reference Type https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch
    Changed Reference Type https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch
    Changed Reference Type https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking
    Changed Reference Type https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking
    Changed Reference Type https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch
    Changed Reference Type https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch
    Changed Reference Type https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking
    Changed Reference Type https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking
    Changed Reference Type https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking
    Changed Reference Type https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking
    Changed Reference Type https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List
    Changed Reference Type https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List
    Changed Reference Type https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory https://news.ycombinator.com/item?id=37830987 Issue Tracking
    Changed Reference Type https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory https://news.ycombinator.com/item?id=37830987 Issue Tracking
    Changed Reference Type https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory https://news.ycombinator.com/item?id=37831062 Issue Tracking
    Changed Reference Type https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory https://news.ycombinator.com/item?id=37831062 Issue Tracking
    Changed Reference Type https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes
    Changed Reference Type https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes
    Changed Reference Type https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause No Types Assigned https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/13/4
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/13/9
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/18/4
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/18/8
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/19/6
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/20/8
    Added Reference https://access.redhat.com/security/cve/cve-2023-44487
    Added Reference https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
    Added Reference https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
    Added Reference https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
    Added Reference https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
    Added Reference https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
    Added Reference https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
    Added Reference https://blog.vespa.ai/cve-2023-44487/
    Added Reference https://bugzilla.proxmox.com/show_bug.cgi?id=4988
    Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2242803
    Added Reference https://bugzilla.suse.com/show_bug.cgi?id=1216123
    Added Reference https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
    Added Reference https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
    Added Reference https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
    Added Reference https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
    Added Reference https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
    Added Reference https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
    Added Reference https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
    Added Reference https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
    Added Reference https://github.com/advisories/GHSA-qppj-fm5r-hxr3
    Added Reference https://github.com/advisories/GHSA-vx74-f528-fxqg
    Added Reference https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
    Added Reference https://github.com/akka/akka-http/issues/4323
    Added Reference https://github.com/alibaba/tengine/issues/1872
    Added Reference https://github.com/apache/apisix/issues/10320
    Added Reference https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
    Added Reference https://github.com/apache/httpd-site/pull/10
    Added Reference https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
    Added Reference https://github.com/apache/trafficserver/pull/10564
    Added Reference https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
    Added Reference https://github.com/Azure/AKS/issues/3947
    Added Reference https://github.com/bcdannyboy/CVE-2023-44487
    Added Reference https://github.com/caddyserver/caddy/issues/5877
    Added Reference https://github.com/caddyserver/caddy/releases/tag/v2.7.5
    Added Reference https://github.com/dotnet/announcements/issues/277
    Added Reference https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
    Added Reference https://github.com/eclipse/jetty.project/issues/10679
    Added Reference https://github.com/envoyproxy/envoy/pull/30055
    Added Reference https://github.com/etcd-io/etcd/issues/16740
    Added Reference https://github.com/facebook/proxygen/pull/466
    Added Reference https://github.com/golang/go/issues/63417
    Added Reference https://github.com/grpc/grpc-go/pull/6703
    Added Reference https://github.com/h2o/h2o/pull/3291
    Added Reference https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
    Added Reference https://github.com/haproxy/haproxy/issues/2312
    Added Reference https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
    Added Reference https://github.com/junkurihara/rust-rpxy/issues/97
    Added Reference https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
    Added Reference https://github.com/kazu-yamamoto/http2/issues/93
    Added Reference https://github.com/Kong/kong/discussions/11741
    Added Reference https://github.com/kubernetes/kubernetes/pull/121120
    Added Reference https://github.com/line/armeria/pull/5232
    Added Reference https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
    Added Reference https://github.com/micrictor/http2-rst-stream
    Added Reference https://github.com/microsoft/CBL-Mariner/pull/6381
    Added Reference https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
    Added Reference https://github.com/nghttp2/nghttp2/pull/1961
    Added Reference https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
    Added Reference https://github.com/ninenines/cowboy/issues/1615
    Added Reference https://github.com/nodejs/node/pull/50121
    Added Reference https://github.com/openresty/openresty/issues/930
    Added Reference https://github.com/opensearch-project/data-prepper/issues/3474
    Added Reference https://github.com/oqtane/oqtane.framework/discussions/3367
    Added Reference https://github.com/projectcontour/contour/pull/5826
    Added Reference https://github.com/tempesta-tech/tempesta/issues/1986
    Added Reference https://github.com/varnishcache/varnish-cache/issues/3996
    Added Reference https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
    Added Reference https://istio.io/latest/news/security/istio-security-2023-004/
    Added Reference https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
    Added Reference https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
    Added Reference https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
    Added Reference https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
    Added Reference https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
    Added Reference https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
    Added Reference https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
    Added Reference https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
    Added Reference https://my.f5.com/manage/s/article/K000137106
    Added Reference https://netty.io/news/2023/10/10/4-1-100-Final.html
    Added Reference https://news.ycombinator.com/item?id=37830987
    Added Reference https://news.ycombinator.com/item?id=37830998
    Added Reference https://news.ycombinator.com/item?id=37831062
    Added Reference https://news.ycombinator.com/item?id=37837043
    Added Reference https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
    Added Reference https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
    Added Reference https://security.gentoo.org/glsa/202311-09
    Added Reference https://security.netapp.com/advisory/ntap-20231016-0001/
    Added Reference https://security.netapp.com/advisory/ntap-20240426-0007/
    Added Reference https://security.netapp.com/advisory/ntap-20240621-0006/
    Added Reference https://security.netapp.com/advisory/ntap-20240621-0007/
    Added Reference https://security.paloaltonetworks.com/CVE-2023-44487
    Added Reference https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
    Added Reference https://ubuntu.com/security/CVE-2023-44487
    Added Reference https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
    Added Reference https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
    Added Reference https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
    Added Reference https://www.debian.org/security/2023/dsa-5521
    Added Reference https://www.debian.org/security/2023/dsa-5522
    Added Reference https://www.debian.org/security/2023/dsa-5540
    Added Reference https://www.debian.org/security/2023/dsa-5549
    Added Reference https://www.debian.org/security/2023/dsa-5558
    Added Reference https://www.debian.org/security/2023/dsa-5570
    Added Reference https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
    Added Reference https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
    Added Reference https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
    Added Reference https://www.openwall.com/lists/oss-security/2023/10/10/6
    Added Reference https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
    Added Reference https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
    Added Reference https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
  • Modified Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
    Removed CWE NIST CWE-400
    Added CWE NIST NVD-CWE-noinfo
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 01, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-400
    Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Modified Analysis by [email protected]

    Jun. 27, 2024

    Action Type Old Value New Value
    Changed Reference Type https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Vendor Advisory https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20240426-0007/ No Types Assigned https://security.netapp.com/advisory/ntap-20240426-0007/ Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20240621-0006/ No Types Assigned https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20240621-0007/ No Types Assigned https://security.netapp.com/advisory/ntap-20240621-0007/ Third Party Advisory
    Changed CPE Configuration OR *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:* OR *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Jun. 21, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://security.netapp.com/advisory/ntap-20240621-0006/ [No types assigned]
    Added Reference MITRE https://security.netapp.com/advisory/ntap-20240621-0007/ [No types assigned]
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Apr. 26, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://security.netapp.com/advisory/ntap-20240426-0007/ [No types assigned]
  • Reanalysis by [email protected]

    Feb. 02, 2024

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:* versions up to (excluding) 11.1 *cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.3 *cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:* *cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0 *cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3 *cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* versions up to (excluding) 7.4.2 *cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:* versions up to (excluding) 4.11.0 *cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 9.3.3 *cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 7.2.1 *cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* versions up to (excluding) 3.10.4 *cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 11.2 *cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.0 *cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:* versions up to (excluding) 2.19.2 *cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3 *cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.01.0 *cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:* *cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.02.0 *cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.02.0 *cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:* *cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:* versions up to (excluding) 12.6.2 *cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:* *cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:* versions up to (excluding) 1.22 *cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* versions up to (excluding) 17.15.1 *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.11.2
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 15.1.0 OR cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2\(7\) *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3\(1\) up to (excluding) 10.3\(5\) OR cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-x\/3132q-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172pq\/pq-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524-x\/xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548-x\/xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2\(7\) *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3\(1\) up to (excluding) 10.3\(5\) OR cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_supervisor_a\+:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500_supervisor_b\+:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*
  • Modified Analysis by [email protected]

    Dec. 20, 2023

    Action Type Old Value New Value
    Changed Reference Type https://www.debian.org/security/2023/dsa-5570 No Types Assigned https://www.debian.org/security/2023/dsa-5570 Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:* versions up to (excluding) 1.21.4.3
  • CVE Modified by [email protected]

    Dec. 02, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://www.debian.org/security/2023/dsa-5570 [No types assigned]
  • Modified Analysis by [email protected]

    Dec. 01, 2023

    Action Type Old Value New Value
    Changed Reference Type https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage, Third Party Advisory
    Changed Reference Type https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking, Third Party Advisory
    Changed Reference Type https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch, Vendor Advisory
    Changed Reference Type https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 No Types Assigned https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Third Party Advisory
    Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory
    Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory
    Changed Reference Type https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes, Third Party Advisory
    Changed Reference Type https://github.com/h2o/h2o/pull/3291 Patch https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory
    Changed Reference Type https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory
    Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory
    Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory
    Changed Reference Type https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Vendor Advisory https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Mailing List, Vendor Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List, Third Party Advisory
    Changed Reference Type https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch, Third Party Advisory
    Changed Reference Type https://security.gentoo.org/glsa/202311-09 No Types Assigned https://security.gentoo.org/glsa/202311-09 Third Party Advisory
    Changed Reference Type https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage, Third Party Advisory
    Changed Reference Type https://www.debian.org/security/2023/dsa-5540 No Types Assigned https://www.debian.org/security/2023/dsa-5540 Third Party Advisory
    Changed Reference Type https://www.debian.org/security/2023/dsa-5549 No Types Assigned https://www.debian.org/security/2023/dsa-5549 Third Party Advisory
    Changed Reference Type https://www.debian.org/security/2023/dsa-5558 No Types Assigned https://www.debian.org/security/2023/dsa-5558 Third Party Advisory
    Changed Reference Type https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage, Third Party Advisory
    Changed CPE Configuration OR *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:* *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3 OR *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:* *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:* versions up to (including) 1.59.2
  • CVE Modified by [email protected]

    Nov. 25, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://security.gentoo.org/glsa/202311-09 [No types assigned]
  • CVE Modified by [email protected]

    Nov. 19, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html [No types assigned]
  • CVE Modified by [email protected]

    Nov. 18, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://www.debian.org/security/2023/dsa-5558 [No types assigned]
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ [No types assigned]
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ [No types assigned]
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
    Removed Reference MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
  • CVE Modified by [email protected]

    Nov. 06, 2023

    Action Type Old Value New Value
    Added Reference https://www.debian.org/security/2023/dsa-5549 [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 06, 2023

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 03, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 03, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 03, 2023

    Action Type Old Value New Value
    Added Reference https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 31, 2023

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 31, 2023

    Action Type Old Value New Value
    Added Reference https://www.debian.org/security/2023/dsa-5540 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 30, 2023

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 29, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 29, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 28, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 26, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 26, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 25, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ [No Types Assigned]
  • Reanalysis by [email protected]

    Oct. 25, 2023

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions up to (excluding) 21.0.0 OR *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 18.0.0 up to (excluding) 18.18.2 *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 20.0.0 up to (excluding) 20.8.1
  • Modified Analysis by [email protected]

    Oct. 24, 2023

    Action Type Old Value New Value
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/18/4 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/18/4 Mailing List, Third Party Advisory
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/18/8 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/18/8 Mailing List, Third Party Advisory
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/19/6 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/19/6 Mailing List, Third Party Advisory
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/20/8 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/20/8 Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List
    Changed CPE Configuration OR *cpe:2.3:a:linkerd:linkerd:*:*:*:*:*:*:*:* versions from (including) 2.12.0 up to (including) 2.12.5 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:*:*:*:* OR *cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:* versions from (including) 2.12.0 up to (including) 2.12.5 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:* *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:* *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:* *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*
    Changed CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* OR *cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* versions up to (including) 2.414.2 *cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:* versions up to (including) 2.427
    Added CPE Configuration OR *cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* versions up to (excluding) 9.4.0
  • CVE Modified by [email protected]

    Oct. 20, 2023

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/20/8 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 20, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 19, 2023

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/19/6 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 19, 2023

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/18/8 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 18, 2023

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/18/4 [No Types Assigned]
  • Reanalysis by [email protected]

    Oct. 18, 2023

    Action Type Old Value New Value
    Changed Reference Type https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Third Party Advisory https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Press/Media Coverage, Third Party Advisory
    Changed Reference Type https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Vendor Advisory https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage
    Changed Reference Type https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Issue Tracking, Vendor Advisory https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Vendor Advisory
    Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Vendor Advisory https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
    Changed Reference Type https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Issue Tracking, Vendor Advisory https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Vendor Advisory
    Changed Reference Type https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Issue Tracking, Vendor Advisory https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes
    Changed Reference Type https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Vendor Advisory https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory
    Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 Vendor Advisory https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
    Changed Reference Type https://github.com/line/armeria/pull/5232 Issue Tracking, Vendor Advisory https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory
    Changed Reference Type https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Vendor Advisory https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory
    Changed Reference Type https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Third Party Advisory https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Vendor Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Vendor Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Third Party Advisory https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Third Party Advisory https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List
    Changed Reference Type https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Vendor Advisory https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Third Party Advisory
    Changed Reference Type https://news.ycombinator.com/item?id=37837043 Third Party Advisory https://news.ycombinator.com/item?id=37837043 Issue Tracking
    Changed CPE Configuration OR *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.7 OR *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.5
    Changed CPE Configuration OR *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* OR *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-08 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
    Changed CPE Configuration OR *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3 OR *cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* versions up to (excluding) 3.6.1 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:* versions up to (excluding) 4.2.2
    Added CPE Configuration OR *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.6 *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions from (including) 1.18.0 up to (excluding) 1.18.3 *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions from (including) 1.19.0 up to (excluding) 1.19.1
    Added CPE Configuration OR *cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-10
    Added CPE Configuration OR *cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* versions up to (excluding) 2.10.5 *cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:* *cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:* *cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:* versions up to (excluding) 2023-10-11
    Added CPE Configuration OR *cpe:2.3:a:linkerd:linkerd:*:*:*:*:*:*:*:* versions from (including) 2.12.0 up to (including) 2.12.5 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:*:*:*:* *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:* versions up to (excluding) 1.26.0
    Added CPE Configuration OR *cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:* *cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:* *cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:* *cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:* OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:* versions up to (excluding) 10.5.3
    Added CPE Configuration OR *cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:* versions up to (excluding) 3.4.2
  • Modified Analysis by [email protected]

    Oct. 18, 2023

    Action Type Old Value New Value
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/13/9 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/13/9 Mailing List, Third Party Advisory
    Changed Reference Type https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ No Types Assigned https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Third Party Advisory
    Changed Reference Type https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Patch https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch
    Changed Reference Type https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Vendor Advisory https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Third Party Advisory
    Changed Reference Type https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Vendor Advisory https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory
    Changed Reference Type https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory
    Changed Reference Type https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Vendor Advisory https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Patch, Vendor Advisory
    Changed Reference Type https://github.com/alibaba/tengine/issues/1872 Vendor Advisory https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Vendor Advisory https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product
    Changed Reference Type https://github.com/apache/trafficserver/pull/10564 Vendor Advisory https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory
    Changed Reference Type https://github.com/bcdannyboy/CVE-2023-44487 Vendor Advisory https://github.com/bcdannyboy/CVE-2023-44487 Third Party Advisory
    Changed Reference Type https://github.com/caddyserver/caddy/issues/5877 Vendor Advisory https://github.com/caddyserver/caddy/issues/5877 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/dotnet/announcements/issues/277 Vendor Advisory https://github.com/dotnet/announcements/issues/277 Mitigation, Vendor Advisory
    Changed Reference Type https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Vendor Advisory https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory
    Changed Reference Type https://github.com/eclipse/jetty.project/issues/10679 Vendor Advisory https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/envoyproxy/envoy/pull/30055 Vendor Advisory https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory
    Changed Reference Type https://github.com/facebook/proxygen/pull/466 Vendor Advisory https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory
    Changed Reference Type https://github.com/golang/go/issues/63417 Vendor Advisory https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/grpc/grpc-go/pull/6703 Vendor Advisory https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory
    Changed Reference Type https://github.com/h2o/h2o/pull/3291 Vendor Advisory https://github.com/h2o/h2o/pull/3291 Patch
    Changed Reference Type https://github.com/haproxy/haproxy/issues/2312 Vendor Advisory https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Vendor Advisory https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory
    Changed Reference Type https://github.com/kubernetes/kubernetes/pull/121120 Vendor Advisory https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory
    Changed Reference Type https://github.com/micrictor/http2-rst-stream Vendor Advisory https://github.com/micrictor/http2-rst-stream Exploit, Third Party Advisory
    Changed Reference Type https://github.com/microsoft/CBL-Mariner/pull/6381 Vendor Advisory https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory
    Changed Reference Type https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Vendor Advisory https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory
    Changed Reference Type https://github.com/nghttp2/nghttp2/pull/1961 Vendor Advisory https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory
    Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Vendor Advisory https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
    Changed Reference Type https://github.com/opensearch-project/data-prepper/issues/3474 Vendor Advisory https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory
    Changed Reference Type https://github.com/oqtane/oqtane.framework/discussions/3367 Vendor Advisory https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory
    Changed Reference Type https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ No Types Assigned https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Third Party Advisory
    Changed Reference Type https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Vendor Advisory https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Third Party Advisory
    Changed Reference Type https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html No Types Assigned https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Third Party Advisory
    Changed Reference Type https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch
    Changed Reference Type https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Vendor Advisory https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Patch, Vendor Advisory
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Patch, Vendor Advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Mitigation, Patch, Vendor Advisory
    Changed Reference Type https://netty.io/news/2023/10/10/4-1-100-Final.html Vendor Advisory https://netty.io/news/2023/10/10/4-1-100-Final.html Release Notes, Vendor Advisory
    Changed Reference Type https://news.ycombinator.com/item?id=37830987 Third Party Advisory https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory
    Changed Reference Type https://news.ycombinator.com/item?id=37830998 Press/Media Coverage https://news.ycombinator.com/item?id=37830998 Issue Tracking, Press/Media Coverage
    Changed Reference Type https://news.ycombinator.com/item?id=37831062 Third Party Advisory https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20231016-0001/ No Types Assigned https://security.netapp.com/advisory/ntap-20231016-0001/ Third Party Advisory
    Changed Reference Type https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Vendor Advisory https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory
    Changed Reference Type https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Vendor Advisory https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Mitigation, Vendor Advisory
    Added CPE Configuration OR *cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:* versions up to (excluding) 1.57.0
    Added CPE Configuration OR *cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.100
    Added CPE Configuration OR *cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:* *cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:* *cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:* *cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions up to (excluding) 9.4.53 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 10.0.0 up to (excluding) 10.0.17 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (excluding) 11.0.17 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 12.0.0 up to (excluding) 12.0.2
    Added CPE Configuration OR *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.7
    Added CPE Configuration OR *cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.10 *cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* versions from (including) 1.21.0 up to (excluding) 1.21.3 *cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:* versions up to (excluding) 0.17.0 *cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:* versions up to (excluding) 0.17.0
    Added CPE Configuration OR *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:* versions from (including) 1.5.0 up to (including) 1.8.2 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5 *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5 *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10 *cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4 *cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:* *cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* versions from (including) 1.9.5 up to (including) 1.25.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.4.2 *cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (including) 3.3.0 *cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:* versions from (including) r25 up to (excluding) r29 *cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:* *cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0 up to (including) 8.5.93 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (including) 9.0.80 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 10.1.0 up to (including) 10.1.13 *cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* *cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:apple:swiftnio_http\/2:*:*:*:*:*:swift:*:* versions up to (excluding) 1.28.0
    Added CPE Configuration OR *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:* *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3
    Added CPE Configuration OR *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions up to (excluding) 21.0.0
    Added CPE Configuration OR *cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-11
    Added CPE Configuration OR *cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-10
    Added CPE Configuration OR *cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:* versions up to (excluding) 2023.10.16.00
    Added CPE Configuration OR *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3
    Added CPE Configuration OR *cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.0
  • CVE Modified by [email protected]

    Oct. 17, 2023

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 16, 2023

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20231016-0001/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 16, 2023

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 15, 2023

    Action Type Old Value New Value
    Added Reference https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 15, 2023

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 14, 2023

    Action Type Old Value New Value
    Added Reference https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html [No Types Assigned]
    Added Reference https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 13, 2023

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/13/9 [No Types Assigned]
  • Initial Analysis by [email protected]

    Oct. 13, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/10/13/4 No Types Assigned http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List, Third Party Advisory
    Changed Reference Type https://access.redhat.com/security/cve/cve-2023-44487 No Types Assigned https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory
    Changed Reference Type https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ No Types Assigned https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Vendor Advisory
    Changed Reference Type https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ No Types Assigned https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description, Vendor Advisory
    Changed Reference Type https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ No Types Assigned https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Vendor Advisory
    Changed Reference Type https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ No Types Assigned https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory
    Changed Reference Type https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack No Types Assigned https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Vendor Advisory
    Changed Reference Type https://blog.vespa.ai/cve-2023-44487/ No Types Assigned https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory
    Changed Reference Type https://bugzilla.proxmox.com/show_bug.cgi?id=4988 No Types Assigned https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking
    Changed Reference Type https://bugzilla.redhat.com/show_bug.cgi?id=2242803 No Types Assigned https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking, Vendor Advisory
    Changed Reference Type https://bugzilla.suse.com/show_bug.cgi?id=1216123 No Types Assigned https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking
    Changed Reference Type https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 No Types Assigned https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Patch
    Changed Reference Type https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ No Types Assigned https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description, Vendor Advisory
    Changed Reference Type https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack No Types Assigned https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description, Vendor Advisory
    Changed Reference Type https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 No Types Assigned https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory
    Changed Reference Type https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve No Types Assigned https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Vendor Advisory
    Changed Reference Type https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 No Types Assigned https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory
    Changed Reference Type https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 No Types Assigned https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Vendor Advisory
    Changed Reference Type https://github.com/advisories/GHSA-qppj-fm5r-hxr3 No Types Assigned https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/advisories/GHSA-vx74-f528-fxqg No Types Assigned https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory
    Changed Reference Type https://github.com/advisories/GHSA-xpw8-rcwv-8f8p No Types Assigned https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Vendor Advisory
    Changed Reference Type https://github.com/akka/akka-http/issues/4323 No Types Assigned https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/alibaba/tengine/issues/1872 No Types Assigned https://github.com/alibaba/tengine/issues/1872 Vendor Advisory
    Changed Reference Type https://github.com/apache/apisix/issues/10320 No Types Assigned https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 No Types Assigned https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Vendor Advisory
    Changed Reference Type https://github.com/apache/httpd-site/pull/10 No Types Assigned https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 No Types Assigned https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Vendor Advisory
    Changed Reference Type https://github.com/apache/trafficserver/pull/10564 No Types Assigned https://github.com/apache/trafficserver/pull/10564 Vendor Advisory
    Changed Reference Type https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 No Types Assigned https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/Azure/AKS/issues/3947 No Types Assigned https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/bcdannyboy/CVE-2023-44487 No Types Assigned https://github.com/bcdannyboy/CVE-2023-44487 Vendor Advisory
    Changed Reference Type https://github.com/caddyserver/caddy/issues/5877 No Types Assigned https://github.com/caddyserver/caddy/issues/5877 Vendor Advisory
    Changed Reference Type https://github.com/caddyserver/caddy/releases/tag/v2.7.5 No Types Assigned https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/dotnet/announcements/issues/277 No Types Assigned https://github.com/dotnet/announcements/issues/277 Vendor Advisory
    Changed Reference Type https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 No Types Assigned https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Vendor Advisory
    Changed Reference Type https://github.com/eclipse/jetty.project/issues/10679 No Types Assigned https://github.com/eclipse/jetty.project/issues/10679 Vendor Advisory
    Changed Reference Type https://github.com/envoyproxy/envoy/pull/30055 No Types Assigned https://github.com/envoyproxy/envoy/pull/30055 Vendor Advisory
    Changed Reference Type https://github.com/etcd-io/etcd/issues/16740 No Types Assigned https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/facebook/proxygen/pull/466 No Types Assigned https://github.com/facebook/proxygen/pull/466 Vendor Advisory
    Changed Reference Type https://github.com/golang/go/issues/63417 No Types Assigned https://github.com/golang/go/issues/63417 Vendor Advisory
    Changed Reference Type https://github.com/grpc/grpc-go/pull/6703 No Types Assigned https://github.com/grpc/grpc-go/pull/6703 Vendor Advisory
    Changed Reference Type https://github.com/h2o/h2o/pull/3291 No Types Assigned https://github.com/h2o/h2o/pull/3291 Vendor Advisory
    Changed Reference Type https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf No Types Assigned https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory
    Changed Reference Type https://github.com/haproxy/haproxy/issues/2312 No Types Assigned https://github.com/haproxy/haproxy/issues/2312 Vendor Advisory
    Changed Reference Type https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 No Types Assigned https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Vendor Advisory
    Changed Reference Type https://github.com/junkurihara/rust-rpxy/issues/97 No Types Assigned https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 No Types Assigned https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
    Changed Reference Type https://github.com/kazu-yamamoto/http2/issues/93 No Types Assigned https://github.com/kazu-yamamoto/http2/issues/93 Vendor Advisory
    Changed Reference Type https://github.com/Kong/kong/discussions/11741 No Types Assigned https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/kubernetes/kubernetes/pull/121120 No Types Assigned https://github.com/kubernetes/kubernetes/pull/121120 Vendor Advisory
    Changed Reference Type https://github.com/line/armeria/pull/5232 No Types Assigned https://github.com/line/armeria/pull/5232 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 No Types Assigned https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory
    Changed Reference Type https://github.com/micrictor/http2-rst-stream No Types Assigned https://github.com/micrictor/http2-rst-stream Vendor Advisory
    Changed Reference Type https://github.com/microsoft/CBL-Mariner/pull/6381 No Types Assigned https://github.com/microsoft/CBL-Mariner/pull/6381 Vendor Advisory
    Changed Reference Type https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 No Types Assigned https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Vendor Advisory
    Changed Reference Type https://github.com/nghttp2/nghttp2/pull/1961 No Types Assigned https://github.com/nghttp2/nghttp2/pull/1961 Vendor Advisory
    Changed Reference Type https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 No Types Assigned https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Vendor Advisory
    Changed Reference Type https://github.com/ninenines/cowboy/issues/1615 No Types Assigned https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/nodejs/node/pull/50121 No Types Assigned https://github.com/nodejs/node/pull/50121 Vendor Advisory
    Changed Reference Type https://github.com/openresty/openresty/issues/930 No Types Assigned https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/opensearch-project/data-prepper/issues/3474 No Types Assigned https://github.com/opensearch-project/data-prepper/issues/3474 Vendor Advisory
    Changed Reference Type https://github.com/oqtane/oqtane.framework/discussions/3367 No Types Assigned https://github.com/oqtane/oqtane.framework/discussions/3367 Vendor Advisory
    Changed Reference Type https://github.com/projectcontour/contour/pull/5826 No Types Assigned https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/tempesta-tech/tempesta/issues/1986 No Types Assigned https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory
    Changed Reference Type https://github.com/varnishcache/varnish-cache/issues/3996 No Types Assigned https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory
    Changed Reference Type https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo No Types Assigned https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Vendor Advisory
    Changed Reference Type https://istio.io/latest/news/security/istio-security-2023-004/ No Types Assigned https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory
    Changed Reference Type https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q No Types Assigned https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Vendor Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Vendor Advisory
    Changed Reference Type https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html No Types Assigned https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List
    Changed Reference Type https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html No Types Assigned https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Vendor Advisory
    Changed Reference Type https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ No Types Assigned https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Vendor Advisory
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Patch, Vendor Advisory
    Changed Reference Type https://my.f5.com/manage/s/article/K000137106 No Types Assigned https://my.f5.com/manage/s/article/K000137106 Vendor Advisory
    Changed Reference Type https://netty.io/news/2023/10/10/4-1-100-Final.html No Types Assigned https://netty.io/news/2023/10/10/4-1-100-Final.html Vendor Advisory
    Changed Reference Type https://news.ycombinator.com/item?id=37830987 No Types Assigned https://news.ycombinator.com/item?id=37830987 Third Party Advisory
    Changed Reference Type https://news.ycombinator.com/item?id=37830998 No Types Assigned https://news.ycombinator.com/item?id=37830998 Press/Media Coverage
    Changed Reference Type https://news.ycombinator.com/item?id=37831062 No Types Assigned https://news.ycombinator.com/item?id=37831062 Third Party Advisory
    Changed Reference Type https://news.ycombinator.com/item?id=37837043 No Types Assigned https://news.ycombinator.com/item?id=37837043 Third Party Advisory
    Changed Reference Type https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ No Types Assigned https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Third Party Advisory
    Changed Reference Type https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected No Types Assigned https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Third Party Advisory
    Changed Reference Type https://security.paloaltonetworks.com/CVE-2023-44487 No Types Assigned https://security.paloaltonetworks.com/CVE-2023-44487 Vendor Advisory
    Changed Reference Type https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 No Types Assigned https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Vendor Advisory
    Changed Reference Type https://ubuntu.com/security/CVE-2023-44487 No Types Assigned https://ubuntu.com/security/CVE-2023-44487 Vendor Advisory
    Changed Reference Type https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ No Types Assigned https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Third Party Advisory
    Changed Reference Type https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 No Types Assigned https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Third Party Advisory, US Government Resource
    Changed Reference Type https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event No Types Assigned https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage
    Changed Reference Type https://www.debian.org/security/2023/dsa-5521 No Types Assigned https://www.debian.org/security/2023/dsa-5521 Vendor Advisory
    Changed Reference Type https://www.debian.org/security/2023/dsa-5522 No Types Assigned https://www.debian.org/security/2023/dsa-5522 Vendor Advisory
    Changed Reference Type https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 No Types Assigned https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Vendor Advisory
    Changed Reference Type https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ No Types Assigned https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Vendor Advisory
    Changed Reference Type https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ No Types Assigned https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Vendor Advisory
    Changed Reference Type https://www.openwall.com/lists/oss-security/2023/10/10/6 No Types Assigned https://www.openwall.com/lists/oss-security/2023/10/10/6 Mailing List, Third Party Advisory
    Changed Reference Type https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack No Types Assigned https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Press/Media Coverage
    Changed Reference Type https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ No Types Assigned https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage
    Added CWE NIST CWE-400
    Added CPE Configuration OR *cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Oct. 13, 2023

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2023/10/13/4 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 13, 2023

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 13, 2023

    Action Type Old Value New Value
    Added Reference https://github.com/caddyserver/caddy/releases/tag/v2.7.5 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 12, 2023

    Action Type Old Value New Value
    Added Reference https://github.com/akka/akka-http/issues/4323 [No Types Assigned]
    Added Reference https://github.com/apache/apisix/issues/10320 [No Types Assigned]
    Added Reference https://github.com/openresty/openresty/issues/930 [No Types Assigned]
    Added Reference https://github.com/Azure/AKS/issues/3947 [No Types Assigned]
    Added Reference https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 [No Types Assigned]
    Added Reference https://security.paloaltonetworks.com/CVE-2023-44487 [No Types Assigned]
    Added Reference https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ [No Types Assigned]
    Added Reference https://github.com/Kong/kong/discussions/11741 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 11, 2023

    Action Type Old Value New Value
    Added Reference https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 11, 2023

    Action Type Old Value New Value
    Added Reference https://github.com/apache/httpd-site/pull/10 [No Types Assigned]
    Added Reference https://github.com/line/armeria/pull/5232 [No Types Assigned]
    Added Reference https://github.com/projectcontour/contour/pull/5826 [No Types Assigned]
    Added Reference https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 11, 2023

    Action Type Old Value New Value
    Added Reference https://blog.vespa.ai/cve-2023-44487/ [No Types Assigned]
    Added Reference https://github.com/tempesta-tech/tempesta/issues/1986 [No Types Assigned]
    Added Reference https://ubuntu.com/security/CVE-2023-44487 [No Types Assigned]
    Added Reference https://access.redhat.com/security/cve/cve-2023-44487 [No Types Assigned]
    Added Reference https://github.com/junkurihara/rust-rpxy/issues/97 [No Types Assigned]
    Added Reference https://istio.io/latest/news/security/istio-security-2023-004/ [No Types Assigned]
    Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2242803 [No Types Assigned]
    Added Reference https://github.com/etcd-io/etcd/issues/16740 [No Types Assigned]
    Added Reference https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 [No Types Assigned]
    Added Reference https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event [No Types Assigned]
    Added Reference https://github.com/advisories/GHSA-qppj-fm5r-hxr3 [No Types Assigned]
    Added Reference https://bugzilla.suse.com/show_bug.cgi?id=1216123 [No Types Assigned]
    Added Reference https://github.com/ninenines/cowboy/issues/1615 [No Types Assigned]
    Added Reference https://github.com/varnishcache/varnish-cache/issues/3996 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 11, 2023

    Action Type Old Value New Value
    Added Reference https://www.debian.org/security/2023/dsa-5522 [No Types Assigned]
    Added Reference https://www.debian.org/security/2023/dsa-5521 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 11, 2023

    Action Type Old Value New Value
    Added Reference https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 [No Types Assigned]
    Added Reference https://github.com/kazu-yamamoto/http2/issues/93 [No Types Assigned]
    Added Reference https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html [No Types Assigned]
    Added Reference https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 11, 2023

    Action Type Old Value New Value
    Added Reference https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack [No Types Assigned]
    Added Reference https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ [No Types Assigned]
    Added Reference https://news.ycombinator.com/item?id=37837043 [No Types Assigned]
    Added Reference https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 11, 2023

    Action Type Old Value New Value
    Added Reference https://github.com/kubernetes/kubernetes/pull/121120 [No Types Assigned]
    Added Reference https://github.com/oqtane/oqtane.framework/discussions/3367 [No Types Assigned]
    Added Reference https://github.com/opensearch-project/data-prepper/issues/3474 [No Types Assigned]
    Added Reference https://github.com/advisories/GHSA-xpw8-rcwv-8f8p [No Types Assigned]
    Added Reference https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 [No Types Assigned]
    Added Reference https://netty.io/news/2023/10/10/4-1-100-Final.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 10, 2023

    Action Type Old Value New Value
    Added Reference https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 10, 2023

    Action Type Old Value New Value
    Removed Reference https://github.com/hyperium/hyper/issues/3337 [No Types Assigned]
    Added Reference https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q [No Types Assigned]
    Added Reference https://www.openwall.com/lists/oss-security/2023/10/10/6 [No Types Assigned]
    Added Reference https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 [No Types Assigned]
    Added Reference https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 10, 2023

    Action Type Old Value New Value
    Added Reference https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 [No Types Assigned]
    Added Reference https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve [No Types Assigned]
    Added Reference https://github.com/micrictor/http2-rst-stream [No Types Assigned]
    Added Reference https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf [No Types Assigned]
    Added Reference https://github.com/dotnet/announcements/issues/277 [No Types Assigned]
    Added Reference https://github.com/apache/trafficserver/pull/10564 [No Types Assigned]
    Added Reference https://github.com/facebook/proxygen/pull/466 [No Types Assigned]
    Added Reference https://github.com/microsoft/CBL-Mariner/pull/6381 [No Types Assigned]
    Added Reference https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo [No Types Assigned]
    Added Reference https://github.com/nodejs/node/pull/50121 [No Types Assigned]
    Added Reference https://github.com/h2o/h2o/pull/3291 [No Types Assigned]
    Added Reference https://github.com/advisories/GHSA-vx74-f528-fxqg [No Types Assigned]
    Added Reference https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ [No Types Assigned]
    Added Reference https://github.com/golang/go/issues/63417 [No Types Assigned]
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 10, 2023

    Action Type Old Value New Value
    Added Reference https://bugzilla.proxmox.com/show_bug.cgi?id=4988 [No Types Assigned]
    Added Reference https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ [No Types Assigned]
    Added Reference https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 10, 2023

    Action Type Old Value New Value
    Added Reference https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 [No Types Assigned]
    Added Reference https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html [No Types Assigned]
    Added Reference https://my.f5.com/manage/s/article/K000137106 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 10, 2023

    Action Type Old Value New Value
    Removed Reference https://chaos.social/@icing/111210915918780532 [No Types Assigned]
    Added Reference https://github.com/grpc/grpc-go/pull/6703 [No Types Assigned]
    Added Reference https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 10, 2023

    Action Type Old Value New Value
    Added Reference https://github.com/bcdannyboy/CVE-2023-44487 [No Types Assigned]
    Added Reference https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ [No Types Assigned]
    Added Reference https://github.com/eclipse/jetty.project/issues/10679 [No Types Assigned]
    Added Reference https://github.com/alibaba/tengine/issues/1872 [No Types Assigned]
    Added Reference https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 [No Types Assigned]
    Added Reference https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 [No Types Assigned]
    Added Reference https://github.com/nghttp2/nghttp2/pull/1961 [No Types Assigned]
    Added Reference https://news.ycombinator.com/item?id=37830987 [No Types Assigned]
    Added Reference https://news.ycombinator.com/item?id=37830998 [No Types Assigned]
    Added Reference https://github.com/envoyproxy/envoy/pull/30055 [No Types Assigned]
    Added Reference https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 [No Types Assigned]
    Added Reference https://github.com/caddyserver/caddy/issues/5877 [No Types Assigned]
    Added Reference https://github.com/haproxy/haproxy/issues/2312 [No Types Assigned]
    Added Reference https://github.com/hyperium/hyper/issues/3337 [No Types Assigned]
    Added Reference https://chaos.social/@icing/111210915918780532 [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-44487 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-44487 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

80.09 }} -1.30%

score

0.98547

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability