2023-10-10 16:00:28 +00:00
{
"id" : "CVE-2023-44487" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2023-10-10T14:15:10.883" ,
2023-10-10 18:00:28 +00:00
"lastModified" : "2023-10-10T17:15:13.183" ,
2023-10-10 16:00:28 +00:00
"vulnStatus" : "Awaiting Analysis" ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
}
] ,
"metrics" : { } ,
"references" : [
{
"url" : "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/alibaba/tengine/issues/1872" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/bcdannyboy/CVE-2023-44487" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/caddyserver/caddy/issues/5877" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/eclipse/jetty.project/issues/10679" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/envoyproxy/envoy/pull/30055" ,
"source" : "cve@mitre.org"
} ,
2023-10-10 18:00:28 +00:00
{
"url" : "https://github.com/grpc/grpc-go/pull/6703" ,
"source" : "cve@mitre.org"
} ,
2023-10-10 16:00:28 +00:00
{
"url" : "https://github.com/haproxy/haproxy/issues/2312" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/hyperium/hyper/issues/3337" ,
"source" : "cve@mitre.org"
} ,
2023-10-10 18:00:28 +00:00
{
"url" : "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244" ,
"source" : "cve@mitre.org"
} ,
2023-10-10 16:00:28 +00:00
{
"url" : "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/nghttp2/nghttp2/pull/1961" ,
"source" : "cve@mitre.org"
} ,
2023-10-10 18:00:28 +00:00
{
"url" : "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://my.f5.com/manage/s/article/K000137106" ,
"source" : "cve@mitre.org"
} ,
2023-10-10 16:00:28 +00:00
{
"url" : "https://news.ycombinator.com/item?id=37830987" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://news.ycombinator.com/item?id=37830998" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://news.ycombinator.com/item?id=37831062" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack" ,
"source" : "cve@mitre.org"
}
]
}
