CVE-2023-44487
HIGH | CISA KEV | 7.5
Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE Details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 10/10/2023
Last modified: 11/7/2025
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: IETF
Product: HTTP/2
Vulnerability name: HTTP/2 Rapid Reset Attack Vulnerability
Date added to KEV: 2023-10-10
Remediation due date: 2023-10-31
Used in ransomware: Unknown
Affected products
akka:http_server
amazon:opensearch_data_prepper
apache:apisix, apache:solr, apache:tomcat, apache:traffic_server
apple:swiftnio_http\/2
caddyserver:caddy
cisco:business_process_automation, cisco:connected_mobile_experiences, cisco:crosswork_data_gateway, cisco:crosswork_situation_manager, cisco:crosswork_zero_touch_provisioning, cisco:data_center_network_manager, cisco:enterprise_chat_and_email, cisco:expressway, cisco:firepower_threat_defense, cisco:fog_director, cisco:ios_xe, cisco:ios_xr, cisco:iot_field_network_director
cisco:nexus_3016, cisco:nexus_3016q, cisco:nexus_3048, cisco:nexus_3064, cisco:nexus_3064-32t, cisco:nexus_3064-t, cisco:nexus_3064-x, cisco:nexus_3064t, cisco:nexus_3064x, cisco:nexus_3100, cisco:nexus_3100-v, cisco:nexus_3100-z, cisco:nexus_3100v, cisco:nexus_31108pc-v, cisco:nexus_31108pv-v, cisco:nexus_31108tc-v, cisco:nexus_31128pq, cisco:nexus_3132c-z, cisco:nexus_3132q, cisco:nexus_3132q-v, cisco:nexus_3132q-x, cisco:nexus_3132q-x\/3132q-xl, cisco:nexus_3132q-xl, cisco:nexus_3164q, cisco:nexus_3172, cisco:nexus_3172pq, cisco:nexus_3172pq-xl, cisco:nexus_3172pq\/pq-xl, cisco:nexus_3172tq, cisco:nexus_3172tq-32t, cisco:nexus_3172tq-xl, cisco:nexus_3200, cisco:nexus_3232, cisco:nexus_3232c, cisco:nexus_3232c_, cisco:nexus_3264c-e, cisco:nexus_3264q, cisco:nexus_3400, cisco:nexus_3408-s, cisco:nexus_34180yc, cisco:nexus_34200yc-sm, cisco:nexus_3432d-s, cisco:nexus_3464c, cisco:nexus_3500, cisco:nexus_3524, cisco:nexus_3524-x, cisco:nexus_3524-x\/xl, cisco:nexus_3524-xl, cisco:nexus_3548, cisco:nexus_3548-x, cisco:nexus_3548-x\/xl, cisco:nexus_3548-xl, cisco:nexus_3600, cisco:nexus_36180yc-r, cisco:nexus_3636c-r
cisco:nexus_9000v, cisco:nexus_9200, cisco:nexus_9200yc, cisco:nexus_92160yc-x, cisco:nexus_92160yc_switch, cisco:nexus_9221c, cisco:nexus_92300yc, cisco:nexus_92300yc_switch, cisco:nexus_92304qc, cisco:nexus_92304qc_switch, cisco:nexus_9232e, cisco:nexus_92348gc-x, cisco:nexus_9236c, cisco:nexus_9236c_switch, cisco:nexus_9272q, cisco:nexus_9272q_switch, cisco:nexus_9300, cisco:nexus_93108tc-ex, cisco:nexus_93108tc-ex-24, cisco:nexus_93108tc-ex_switch, cisco:nexus_93108tc-fx, cisco:nexus_93108tc-fx-24, cisco:nexus_93108tc-fx3h, cisco:nexus_93108tc-fx3p, cisco:nexus_93120tx, cisco:nexus_93120tx_switch, cisco:nexus_93128, cisco:nexus_93128tx, cisco:nexus_93128tx_switch, cisco:nexus_9316d-gx, cisco:nexus_93180lc-ex, cisco:nexus_93180lc-ex_switch, cisco:nexus_93180tc-ex, cisco:nexus_93180yc-ex, cisco:nexus_93180yc-ex-24, cisco:nexus_93180yc-ex_switch, cisco:nexus_93180yc-fx, cisco:nexus_93180yc-fx-24, cisco:nexus_93180yc-fx3, cisco:nexus_93180yc-fx3h, cisco:nexus_93180yc-fx3s, cisco:nexus_93216tc-fx2, cisco:nexus_93240tc-fx2, cisco:nexus_93240yc-fx2, cisco:nexus_9332c, cisco:nexus_9332d-gx2b, cisco:nexus_9332d-h2r, cisco:nexus_9332pq, cisco:nexus_9332pq_switch, cisco:nexus_93360yc-fx2, cisco:nexus_9336c-fx2, cisco:nexus_9336c-fx2-e, cisco:nexus_9336pq, cisco:nexus_9336pq_aci, cisco:nexus_9336pq_aci_spine, cisco:nexus_9336pq_aci_spine_switch, cisco:nexus_9348d-gx2a, cisco:nexus_9348gc-fx3, cisco:nexus_9348gc-fxp, cisco:nexus_93600cd-gx, cisco:nexus_9364c, cisco:nexus_9364c-gx, cisco:nexus_9364d-gx2a, cisco:nexus_9372px, cisco:nexus_9372px-e, cisco:nexus_9372px-e_switch, cisco:nexus_9372px_switch, cisco:nexus_9372tx, cisco:nexus_9372tx-e, cisco:nexus_9372tx-e_switch, cisco:nexus_9372tx_switch, cisco:nexus_9396px, cisco:nexus_9396px_switch, cisco:nexus_9396tx, cisco:nexus_9396tx_switch, cisco:nexus_9408, cisco:nexus_9432pq, cisco:nexus_9500, cisco:nexus_9500_16-slot, cisco:nexus_9500_4-slot, cisco:nexus_9500_8-slot, cisco:nexus_9500_supervisor_a, cisco:nexus_9500_supervisor_a\+, cisco:nexus_9500_supervisor_b, cisco:nexus_9500_supervisor_b\+, cisco:nexus_9500r, cisco:nexus_9504, cisco:nexus_9504_switch, cisco:nexus_9508, cisco:nexus_9508_switch, cisco:nexus_9516, cisco:nexus_9516_switch, cisco:nexus_9536pq, cisco:nexus_9636pq, cisco:nexus_9716d-gx, cisco:nexus_9736pq, cisco:nexus_9800, cisco:nexus_9804, cisco:nexus_9808
cisco:nx-os, cisco:prime_access_registrar, cisco:prime_cable_provisioning, cisco:prime_infrastructure, cisco:prime_network_registrar, cisco:secure_dynamic_attributes_connector, cisco:secure_malware_analytics, cisco:secure_web_appliance, cisco:secure_web_appliance_firmware, cisco:telepresence_video_communication_server, cisco:ultra_cloud_core_-_policy_control_function, cisco:ultra_cloud_core_-_serving_gateway_function, cisco:ultra_cloud_core_-_session_management_function, cisco:unified_attendant_console_advanced, cisco:unified_contact_center_domain_manager, cisco:unified_contact_center_enterprise, cisco:unified_contact_center_enterprise_-_live_data_server, cisco:unified_contact_center_management_portal
debian:debian_linux
dena:h2o
eclipse:jetty
envoyproxy:envoy
f5:big-ip_access_policy_manager, f5:big-ip_advanced_firewall_manager, f5:big-ip_advanced_web_application_firewall, f5:big-ip_analytics, f5:big-ip_application_acceleration_manager, f5:big-ip_application_security_manager, f5:big-ip_application_visibility_and_reporting, f5:big-ip_carrier-grade_nat, f5:big-ip_ddos_hybrid_defender, f5:big-ip_domain_name_system, f5:big-ip_fraud_protection_service, f5:big-ip_global_traffic_manager, f5:big-ip_link_controller, f5:big-ip_local_traffic_manager, f5:big-ip_next, f5:big-ip_next_service_proxy_for_kubernetes, f5:big-ip_policy_enforcement_manager, f5:big-ip_ssl_orchestrator, f5:big-ip_webaccelerator, f5:big-ip_websafe, f5:nginx, f5:nginx_ingress_controller, f5:nginx_plus
facebook:proxygen
fedoraproject:fedora
golang:go, golang:http2, golang:networking
grpc:grpc
ietf:http
istio:istio
jenkins:jenkins
kazu-yamamoto:http2
konghq:kong_gateway
linecorp:armeria
linkerd:linkerd
microsoft:.net, microsoft:asp.net_core, microsoft:azure_kubernetes_service, microsoft:cbl-mariner, microsoft:visual_studio_2022, microsoft:windows_10_1607, microsoft:windows_10_1809, microsoft:windows_10_21h2, microsoft:windows_10_22h2, microsoft:windows_11_21h2, microsoft:windows_11_22h2, microsoft:windows_server_2016, microsoft:windows_server_2019, microsoft:windows_server_2022
netapp:astra_control_center, netapp:oncommand_insight
netty:netty
nghttp2:nghttp2
nodejs:node.js
openresty:openresty
projectcontour:contour
redhat:3scale_api_management_platform, redhat:advanced_cluster_management_for_kubernetes, redhat:advanced_cluster_security, redhat:ansible_automation_platform, redhat:build_of_optaplanner, redhat:build_of_quarkus, redhat:ceph_storage, redhat:cert-manager_operator_for_red_hat_openshift, redhat:certification_for_red_hat_enterprise_linux, redhat:cost_management, redhat:cryostat, redhat:decision_manager, redhat:enterprise_linux, redhat:fence_agents_remediation_operator, redhat:integration_camel_for_spring_boot, redhat:integration_camel_k, redhat:integration_service_registry, redhat:jboss_a-mq, redhat:jboss_a-mq_streams, redhat:jboss_core_services, redhat:jboss_data_grid, redhat:jboss_enterprise_application_platform, redhat:jboss_fuse, redhat:logging_subsystem_for_red_hat_openshift, redhat:machine_deletion_remediation_operator, redhat:migration_toolkit_for_applications, redhat:migration_toolkit_for_containers, redhat:migration_toolkit_for_virtualization, redhat:network_observability_operator, redhat:node_healthcheck_operator, redhat:node_maintenance_operator, redhat:openshift, redhat:openshift_api_for_data_protection, redhat:openshift_container_platform, redhat:openshift_container_platform_assisted_installer, redhat:openshift_data_science, redhat:openshift_dev_spaces, redhat:openshift_developer_tools_and_services, redhat:openshift_distributed_tracing, redhat:openshift_gitops, redhat:openshift_pipelines, redhat:openshift_sandboxed_containers, redhat:openshift_secondary_scheduler_operator, redhat:openshift_serverless, redhat:openshift_service_mesh, redhat:openshift_virtualization, redhat:openstack_platform, redhat:process_automation, redhat:quay, redhat:run_once_duration_override_operator, redhat:satellite, redhat:self_node_remediation_operator, redhat:service_interconnect, redhat:service_telemetry_framework, redhat:single_sign-on, redhat:support_for_spring_boot, redhat:web_terminal
traefik:traefik
varnish_cache_project:varnish_cache
Weaknesses (CWE)
CWE-400
References
http://www.openwall.com/lists/oss-security/2023/10/10/6(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2023/10/10/7(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2023/10/13/4(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2023/10/13/9(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2023/10/18/4(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2023/10/18/8(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2023/10/19/6(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2023/10/20/8(cve@mitre.org)
https://access.redhat.com/security/cve/cve-2023-44487(cve@mitre.org)
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/(cve@mitre.org)
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack(cve@mitre.org)
https://blog.vespa.ai/cve-2023-44487/(cve@mitre.org)
https://bugzilla.proxmox.com/show_bug.cgi?id=4988(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=2242803(cve@mitre.org)
https://bugzilla.suse.com/show_bug.cgi?id=1216123(cve@mitre.org)
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/(cve@mitre.org)
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack(cve@mitre.org)
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764(cve@mitre.org)
https://github.com/Azure/AKS/issues/3947(cve@mitre.org)
https://github.com/Kong/kong/discussions/11741(cve@mitre.org)
https://github.com/advisories/GHSA-qppj-fm5r-hxr3(cve@mitre.org)
https://github.com/advisories/GHSA-vx74-f528-fxqg(cve@mitre.org)
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p(cve@mitre.org)
https://github.com/akka/akka-http/issues/4323(cve@mitre.org)
https://github.com/alibaba/tengine/issues/1872(cve@mitre.org)
https://github.com/apache/apisix/issues/10320(cve@mitre.org)
https://github.com/apache/httpd-site/pull/10(cve@mitre.org)
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113(cve@mitre.org)
https://github.com/apache/trafficserver/pull/10564(cve@mitre.org)
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487(cve@mitre.org)
https://github.com/bcdannyboy/CVE-2023-44487(cve@mitre.org)
https://github.com/caddyserver/caddy/issues/5877(cve@mitre.org)
https://github.com/caddyserver/caddy/releases/tag/v2.7.5(cve@mitre.org)
https://github.com/dotnet/announcements/issues/277(cve@mitre.org)
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73(cve@mitre.org)
https://github.com/eclipse/jetty.project/issues/10679(cve@mitre.org)
https://github.com/envoyproxy/envoy/pull/30055(cve@mitre.org)
https://github.com/etcd-io/etcd/issues/16740(cve@mitre.org)
https://github.com/facebook/proxygen/pull/466(cve@mitre.org)
https://github.com/golang/go/issues/63417(cve@mitre.org)
https://github.com/grpc/grpc-go/pull/6703(cve@mitre.org)
https://github.com/grpc/grpc/releases/tag/v1.59.2(cve@mitre.org)
https://github.com/h2o/h2o/pull/3291(cve@mitre.org)
https://github.com/haproxy/haproxy/issues/2312(cve@mitre.org)
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244(cve@mitre.org)
https://github.com/junkurihara/rust-rpxy/issues/97(cve@mitre.org)
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1(cve@mitre.org)
https://github.com/kazu-yamamoto/http2/issues/93(cve@mitre.org)
https://github.com/kubernetes/kubernetes/pull/121120(cve@mitre.org)
https://github.com/line/armeria/pull/5232(cve@mitre.org)
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632(cve@mitre.org)
https://github.com/micrictor/http2-rst-stream(cve@mitre.org)
https://github.com/microsoft/CBL-Mariner/pull/6381(cve@mitre.org)
https://github.com/nghttp2/nghttp2/pull/1961(cve@mitre.org)
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0(cve@mitre.org)
https://github.com/ninenines/cowboy/issues/1615(cve@mitre.org)
https://github.com/nodejs/node/pull/50121(cve@mitre.org)
https://github.com/openresty/openresty/issues/930(cve@mitre.org)
https://github.com/oqtane/oqtane.framework/discussions/3367(cve@mitre.org)
https://github.com/projectcontour/contour/pull/5826(cve@mitre.org)
https://github.com/tempesta-tech/tempesta/issues/1986(cve@mitre.org)
https://github.com/varnishcache/varnish-cache/issues/3996(cve@mitre.org)
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo(cve@mitre.org)
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/(cve@mitre.org)
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html(cve@mitre.org)
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html(cve@mitre.org)
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/(cve@mitre.org)
https://my.f5.com/manage/s/article/K000137106(cve@mitre.org)
https://netty.io/news/2023/10/10/4-1-100-Final.html(cve@mitre.org)
https://news.ycombinator.com/item?id=37830987(cve@mitre.org)
https://news.ycombinator.com/item?id=37830998(cve@mitre.org)
https://news.ycombinator.com/item?id=37831062(cve@mitre.org)
https://news.ycombinator.com/item?id=37837043(cve@mitre.org)
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/(cve@mitre.org)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ(cve@mitre.org)
https://security.gentoo.org/glsa/202311-09(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20231016-0001/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20240426-0007/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20240621-0006/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20240621-0007/(cve@mitre.org)
https://security.paloaltonetworks.com/CVE-2023-44487(cve@mitre.org)
https://ubuntu.com/security/CVE-2023-44487(cve@mitre.org)
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/(cve@mitre.org)
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487(cve@mitre.org)
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event(cve@mitre.org)
https://www.debian.org/security/2023/dsa-5521(cve@mitre.org)
https://www.debian.org/security/2023/dsa-5522(cve@mitre.org)
https://www.debian.org/security/2023/dsa-5540(cve@mitre.org)
https://www.debian.org/security/2023/dsa-5549(cve@mitre.org)
https://www.debian.org/security/2023/dsa-5558(cve@mitre.org)
https://www.debian.org/security/2023/dsa-5570(cve@mitre.org)
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487(cve@mitre.org)
https://www.openwall.com/lists/oss-security/2023/10/10/6(cve@mitre.org)
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2023/10/13/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/13/9(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/18/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/18/8(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/19/6(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/20/8(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/08/13/6(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/cve-2023-44487(af854a3a-2127-422b-91ae-364da2661108)
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/(af854a3a-2127-422b-91ae-364da2661108)
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/(af854a3a-2127-422b-91ae-364da2661108)
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/(af854a3a-2127-422b-91ae-364da2661108)
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/(af854a3a-2127-422b-91ae-364da2661108)
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/(af854a3a-2127-422b-91ae-364da2661108)
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack(af854a3a-2127-422b-91ae-364da2661108)
https://blog.vespa.ai/cve-2023-44487/(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.proxmox.com/show_bug.cgi?id=4988(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2242803(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1216123(af854a3a-2127-422b-91ae-364da2661108)
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9(af854a3a-2127-422b-91ae-364da2661108)
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/(af854a3a-2127-422b-91ae-364da2661108)
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack(af854a3a-2127-422b-91ae-364da2661108)
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125(af854a3a-2127-422b-91ae-364da2661108)
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715(af854a3a-2127-422b-91ae-364da2661108)
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve(af854a3a-2127-422b-91ae-364da2661108)
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764(af854a3a-2127-422b-91ae-364da2661108)
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Azure/AKS/issues/3947(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Kong/kong/discussions/11741(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/advisories/GHSA-qppj-fm5r-hxr3(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/advisories/GHSA-vx74-f528-fxqg(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/akka/akka-http/issues/4323(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/alibaba/tengine/issues/1872(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/apisix/issues/10320(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/httpd-site/pull/10(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/trafficserver/pull/10564(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/bcdannyboy/CVE-2023-44487(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/caddyserver/caddy/issues/5877(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/caddyserver/caddy/releases/tag/v2.7.5(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dotnet/announcements/issues/277(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/eclipse/jetty.project/issues/10679(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/envoyproxy/envoy/pull/30055(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/etcd-io/etcd/issues/16740(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/facebook/proxygen/pull/466(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/golang/go/issues/63417(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/grpc/grpc-go/pull/6703(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/h2o/h2o/pull/3291(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/haproxy/haproxy/issues/2312(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/junkurihara/rust-rpxy/issues/97(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kazu-yamamoto/http2/issues/93(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kubernetes/kubernetes/pull/121120(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/line/armeria/pull/5232(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/micrictor/http2-rst-stream(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/microsoft/CBL-Mariner/pull/6381(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nghttp2/nghttp2/pull/1961(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ninenines/cowboy/issues/1615(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nodejs/node/pull/50121(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openresty/openresty/issues/930(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/opensearch-project/data-prepper/issues/3474(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/oqtane/oqtane.framework/discussions/3367(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/projectcontour/contour/pull/5826(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tempesta-tech/tempesta/issues/1986(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/varnishcache/varnish-cache/issues/3996(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo(af854a3a-2127-422b-91ae-364da2661108)
https://istio.io/latest/news/security/istio-security-2023-004/(af854a3a-2127-422b-91ae-364da2661108)
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html(af854a3a-2127-422b-91ae-364da2661108)
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html(af854a3a-2127-422b-91ae-364da2661108)
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html(af854a3a-2127-422b-91ae-364da2661108)
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/(af854a3a-2127-422b-91ae-364da2661108)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487(af854a3a-2127-422b-91ae-364da2661108)
https://my.f5.com/manage/s/article/K000137106(af854a3a-2127-422b-91ae-364da2661108)
https://netty.io/news/2023/10/10/4-1-100-Final.html(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=37830987(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=37830998(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=37831062(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=37837043(af854a3a-2127-422b-91ae-364da2661108)
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/(af854a3a-2127-422b-91ae-364da2661108)
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202311-09(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231016-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240426-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240621-0006/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240621-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://security.paloaltonetworks.com/CVE-2023-44487(af854a3a-2127-422b-91ae-364da2661108)
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14(af854a3a-2127-422b-91ae-364da2661108)
https://ubuntu.com/security/CVE-2023-44487(af854a3a-2127-422b-91ae-364da2661108)
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487(af854a3a-2127-422b-91ae-364da2661108)
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5521(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5522(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5540(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5549(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5558(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5570(af854a3a-2127-422b-91ae-364da2661108)
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487(af854a3a-2127-422b-91ae-364da2661108)
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/(af854a3a-2127-422b-91ae-364da2661108)
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2023/10/10/6(af854a3a-2127-422b-91ae-364da2661108)
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack(af854a3a-2127-422b-91ae-364da2661108)
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/(af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.