### [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

### POC

#### Reference
- https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
- https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
- https://github.com/Azure/AKS/issues/3947
- https://github.com/advisories/GHSA-qppj-fm5r-hxr3
- https://github.com/akka/akka-http/issues/4323
- https://github.com/alibaba/tengine/issues/1872
- https://github.com/apache/apisix/issues/10320
- https://github.com/apache/httpd-site/pull/10
- https://github.com/apache/trafficserver/pull/10564
- https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
- https://github.com/caddyserver/caddy/issues/5877
- https://github.com/eclipse/jetty.project/issues/10679
- https://github.com/envoyproxy/envoy/pull/30055
- https://github.com/etcd-io/etcd/issues/16740
- https://github.com/facebook/proxygen/pull/466
- https://github.com/golang/go/issues/63417
- https://github.com/grpc/grpc-go/pull/6703
- https://github.com/h2o/h2o/pull/3291
- https://github.com/haproxy/haproxy/issues/2312
- https://github.com/kazu-yamamoto/http2/issues/93
- https://github.com/kubernetes/kubernetes/pull/121120
- https://github.com/line/armeria/pull/5232
- https://github.com/micrictor/http2-rst-stream
- https://github.com/microsoft/CBL-Mariner/pull/6381
- https://github.com/nghttp2/nghttp2/pull/1961
- https://github.com/ninenines/cowboy/issues/1615
- https://github.com/nodejs/node/pull/50121
- https://github.com/openresty/openresty/issues/930
- https://github.com/opensearch-project/data-prepper/issues/3474
- https://github.com/projectcontour/contour/pull/5826
- https://github.com/tempesta-tech/tempesta/issues/1986
- https://github.com/varnishcache/varnish-cache/issues/3996
- https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
- https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event

#### Github
- https://github.com/0xMarcio/cve
- https://github.com/AlexRogalskiy/AlexRogalskiy
- https://github.com/Austnez/tools
- https://github.com/ByteHackr/CVE-2023-44487
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh
- https://github.com/GhostTroops/TOP
- https://github.com/Green-Ace/test
- https://github.com/Millen93/HTTP-2.0-Rapid-Reset-Attack-Laboratory
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/ReToCode/golang-CVE-2023-44487
- https://github.com/TYuan0816/cve-2023-44487
- https://github.com/XiangTrong/http2-rapid-client
- https://github.com/ZonghaoLi777/githubTrending
- https://github.com/aerospike-managed-cloud-services/flb-output-gcs
- https://github.com/alex-grandson/docker-python-example
- https://github.com/aneasystone/github-trending
- https://github.com/bartvoet/assignment-ehb-security-review-adamlenez
- https://github.com/bcdannyboy/CVE-2023-44487
- https://github.com/danielkec/rapid-reset
- https://github.com/dygma0/dygma0
- https://github.com/fankun99/baicuan
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/ge-wijayanto/http2-rapid-reset-validator
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/h7ml/h7ml
- https://github.com/hktalent/TOP
- https://github.com/imabee101/CVE-2023-44487
- https://github.com/irgoncalves/awesome-security-articles
- https://github.com/jafshare/GithubTrending
- https://github.com/johe123qwe/github-trending
- https://github.com/jrg1a/tools
- https://github.com/juev/links
- https://github.com/knabben/dos-poc
- https://github.com/kobutton/redhat-cve-fix-checker
- https://github.com/kyverno/policy-reporter-plugins
- https://github.com/lucasrod16/exploitlens
- https://github.com/m00dy/r4p1d-r3s3t
- https://github.com/malinkamedok/devops_sandbox
- https://github.com/micrictor/http2-rst-stream
- https://github.com/ndrscodes/http2-rst-stream-attacker
- https://github.com/nics-tw/sbom2vans
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nvdg2/http2RapidReset
- https://github.com/nxenon/cve-2023-44487
- https://github.com/oscerd/nice-cve-poc
- https://github.com/pabloec20/rapidreset
- https://github.com/ramonzx6/http-script-json
- https://github.com/rxerium/stars
- https://github.com/seal-community/patches
- https://github.com/secengjeff/rapidresetclient
- https://github.com/sigridou/CVE-2023-44487-
- https://github.com/studiogangster/CVE-2023-44487
- https://github.com/tanjiti/sec_profile
- https://github.com/terrorist/HTTP-2-Rapid-Reset-Client
- https://github.com/testing-felickz/docker-scout-demo
- https://github.com/wolfc/snakeinmyboot
- https://github.com/ytono/gcp-arcade
- https://github.com/zengzzzzz/golang-trending-archive
- https://github.com/zhaohuabing/cve-agent
- https://github.com/zhaoolee/garss