CVE-2023-44487

Severity: HIGH · CISA KEV · EPSS 100.0%
CVSS 3.1: 7.5 (High)
Published: Oct 10, 2023 (2y ago)
Last Modified: Jun 17, 2026 (1w ago)
KEV Listed: Oct 10, 2023 (2y ago)
KEV Due: Oct 31, 2023 (973d overdue)

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

CISA Known Exploited: Overdue 973d
Added: Oct 10, 2023
Due: Oct 31, 2023

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability: 100.0% percentile
Exploit & Patch Status: Actively Exploited (KEV), Patch Available

Weaknesses 1

CWE-400: Uncontrolled Resource Consumption (Resource Mgmt)

Affected Products 464

Vendor | Product | Version | Range
siemens | simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware | * | ≥3.1.5
siemens | simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp | * | any
siemens | sinec_ins | * | <1.0
siemens | sinec_ins | 1.0 | any
siemens | sinec_ins | 1.0 | any
siemens | sinec_ins | 1.0 | any
siemens | sinec_ins | 1.0 | any
siemens | sinec_ins | 1.0 | any
siemens | sinec_nms | * | <3.0
siemens | st7_scadaconnect | * | <1.1
siemens | ruggedcom_ape1808_firmware | * | any
siemens | ruggedcom_ape1808 | * | any
siemens | simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware | * | ≥3.1.5
siemens | simatic_s7-1500_cpu_1518-4_pn\/dp | * | any
siemens | siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware | * | ≥3.1.5
siemens | siplus_s7-1500_cpu_1518-4_pn\/dp_mfp | * | any
ietf | http | 2.0 | any
nghttp2 | nghttp2 | * | <1.57.0
netty | netty | * | <4.1.100
envoyproxy | envoy | 1.24.10 | any
envoyproxy | envoy | 1.25.9 | any
envoyproxy | envoy | 1.26.4 | any
envoyproxy | envoy | 1.27.0 | any
eclipse | jetty | * | <9.4.53
eclipse | jetty | * | ≥10.0.0 – <10.0.17
eclipse | jetty | * | ≥11.0.0 – <11.0.17
eclipse | jetty | * | ≥12.0.0 – <12.0.2
caddyserver | caddy | * | <2.7.5
golang | go | * | <1.20.10
golang | go | * | ≥1.21.0 – <1.21.3
golang | http2 | * | <0.17.0
golang | networking | * | <0.17.0
f5 | big-ip_access_policy_manager | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_access_policy_manager | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_access_policy_manager | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_access_policy_manager | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_access_policy_manager | 17.1.0 | any
f5 | big-ip_advanced_firewall_manager | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_advanced_firewall_manager | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_advanced_firewall_manager | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_advanced_firewall_manager | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_advanced_firewall_manager | 17.1.0 | any
f5 | big-ip_advanced_web_application_firewall | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_advanced_web_application_firewall | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_advanced_web_application_firewall | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_advanced_web_application_firewall | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_advanced_web_application_firewall | 17.1.0 | any
f5 | big-ip_analytics | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_analytics | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_analytics | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_analytics | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_analytics | 17.1.0 | any
f5 | big-ip_application_acceleration_manager | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_application_acceleration_manager | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_application_acceleration_manager | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_application_acceleration_manager | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_application_acceleration_manager | 17.1.0 | any
f5 | big-ip_application_security_manager | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_application_security_manager | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_application_security_manager | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_application_security_manager | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_application_security_manager | 17.1.0 | any
f5 | big-ip_application_visibility_and_reporting | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_application_visibility_and_reporting | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_application_visibility_and_reporting | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_application_visibility_and_reporting | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_application_visibility_and_reporting | 17.1.0 | any
f5 | big-ip_carrier-grade_nat | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_carrier-grade_nat | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_carrier-grade_nat | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_carrier-grade_nat | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_carrier-grade_nat | 17.1.0 | any
f5 | big-ip_ddos_hybrid_defender | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_ddos_hybrid_defender | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_ddos_hybrid_defender | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_ddos_hybrid_defender | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_ddos_hybrid_defender | 17.1.0 | any
f5 | big-ip_domain_name_system | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_domain_name_system | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_domain_name_system | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_domain_name_system | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_domain_name_system | 17.1.0 | any
f5 | big-ip_fraud_protection_service | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_fraud_protection_service | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_fraud_protection_service | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_fraud_protection_service | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_fraud_protection_service | 17.1.0 | any
f5 | big-ip_global_traffic_manager | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_global_traffic_manager | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_global_traffic_manager | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_global_traffic_manager | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_global_traffic_manager | 17.1.0 | any
f5 | big-ip_link_controller | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_link_controller | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_link_controller | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_link_controller | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_link_controller | 17.1.0 | any
f5 | big-ip_local_traffic_manager | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_local_traffic_manager | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_local_traffic_manager | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_local_traffic_manager | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_local_traffic_manager | 17.1.0 | any
f5 | big-ip_next | 20.0.1 | any
f5 | big-ip_next_service_proxy_for_kubernetes | * | ≥1.5.0 – ≤1.8.2
f5 | big-ip_policy_enforcement_manager | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_policy_enforcement_manager | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_policy_enforcement_manager | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_policy_enforcement_manager | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_policy_enforcement_manager | 17.1.0 | any
f5 | big-ip_ssl_orchestrator | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_ssl_orchestrator | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_ssl_orchestrator | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_ssl_orchestrator | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_ssl_orchestrator | 17.1.0 | any
f5 | big-ip_webaccelerator | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_webaccelerator | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_webaccelerator | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_webaccelerator | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_webaccelerator | 17.1.0 | any
f5 | big-ip_websafe | * | ≥13.1.0 – ≤13.1.5
f5 | big-ip_websafe | * | ≥14.1.0 – ≤14.1.5
f5 | big-ip_websafe | * | ≥15.1.0 – ≤15.1.10
f5 | big-ip_websafe | * | ≥16.1.0 – ≤16.1.4
f5 | big-ip_websafe | 17.1.0 | any
f5 | nginx | * | ≥1.9.5 – ≤1.25.2
f5 | nginx_ingress_controller | * | ≥2.0.0 – ≤2.4.2
f5 | nginx_ingress_controller | * | ≥3.0.0 – ≤3.3.0
f5 | nginx_plus | * | ≥r25 – <r29
f5 | nginx_plus | r29 | any
f5 | nginx_plus | r30 | any
apache | tomcat | * | ≥8.5.0 – ≤8.5.93
apache | tomcat | * | ≥9.0.0 – ≤9.0.80
apache | tomcat | * | ≥10.1.0 – ≤10.1.13
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apache | tomcat | 11.0.0 | any
apple | swiftnio_http\/2 | * | <1.28.0
grpc | grpc | * | <1.56.3
grpc | grpc | * | ≤1.59.2
grpc | grpc | * | ≥1.58.0 – <1.58.3
grpc | grpc | 1.57.0 | any
microsoft | .net | * | ≥6.0.0 – <6.0.23
microsoft | .net | * | ≥7.0.0 – <7.0.12
microsoft | asp.net_core | * | ≥6.0.0 – <6.0.23
microsoft | asp.net_core | * | ≥7.0.0 – <7.0.12
microsoft | azure_kubernetes_service | * | <2023-10-08
microsoft | visual_studio_2022 | * | ≥17.0 – <17.2.20
microsoft | visual_studio_2022 | * | ≥17.4 – <17.4.12
microsoft | visual_studio_2022 | * | ≥17.6 – <17.6.8
microsoft | visual_studio_2022 | * | ≥17.7 – <17.7.5
microsoft | windows_10_1607 | * | <10.0.14393.6351
microsoft | windows_10_1607 | * | <10.0.14393.6351
microsoft | windows_10_1809 | * | <10.0.17763.4974
microsoft | windows_10_21h2 | * | <10.0.19044.3570
microsoft | windows_10_22h2 | * | <10.0.19045.3570
microsoft | windows_11_21h2 | * | <10.0.22000.2538
microsoft | windows_11_22h2 | * | <10.0.22621.2428
microsoft | windows_server_2016 | * | any
microsoft | windows_server_2019 | * | any
microsoft | windows_server_2022 | * | any
nodejs | node.js | * | ≥18.0.0 – <18.18.2
nodejs | node.js | * | ≥20.0.0 – <20.8.1
microsoft | cbl-mariner | * | <2023-10-11
dena | h2o | * | <2023-10-10
facebook | proxygen | * | <2023.10.16.00
apache | apisix | * | <3.6.1
apache | traffic_server | * | ≥8.0.0 – <8.1.9
apache | traffic_server | * | ≥9.0.0 – <9.2.3
amazon | opensearch_data_prepper | * | <2.5.0
debian | debian_linux | 10.0 | any
debian | debian_linux | 11.0 | any
debian | debian_linux | 12.0 | any
kazu-yamamoto | http2 | * | <4.2.2
istio | istio | * | <1.17.6
istio | istio | * | ≥1.18.0 – <1.18.3
istio | istio | * | ≥1.19.0 – <1.19.1
varnish_cache_project | varnish_cache | * | <2023-10-10
traefik | traefik | * | <2.10.5
traefik | traefik | 3.0.0 | any
traefik | traefik | 3.0.0 | any
traefik | traefik | 3.0.0 | any
projectcontour | contour | * | <2023-10-11
linkerd | linkerd | * | ≥2.12.0 – ≤2.12.5
linkerd | linkerd | 2.13.0 | any
linkerd | linkerd | 2.13.1 | any
linkerd | linkerd | 2.14.0 | any
linkerd | linkerd | 2.14.1 | any
linecorp | armeria | * | <1.26.0
redhat | 3scale_api_management_platform | 2.0 | any
redhat | advanced_cluster_management_for_kubernetes | 2.0 | any
redhat | advanced_cluster_security | 3.0 | any
redhat | advanced_cluster_security | 4.0 | any
redhat | ansible_automation_platform | 2.0 | any
redhat | build_of_optaplanner | 8.0 | any
redhat | build_of_quarkus | * | any
redhat | ceph_storage | 5.0 | any
redhat | cert-manager_operator_for_red_hat_openshift | * | any
redhat | certification_for_red_hat_enterprise_linux | 8.0 | any
redhat | certification_for_red_hat_enterprise_linux | 9.0 | any
redhat | cost_management | * | any
redhat | cryostat | 2.0 | any
redhat | decision_manager | 7.0 | any
redhat | fence_agents_remediation_operator | * | any
redhat | integration_camel_for_spring_boot | * | any
redhat | integration_camel_k | * | any
redhat | integration_service_registry | * | any
redhat | jboss_a-mq | 7 | any
redhat | jboss_a-mq_streams | * | any
redhat | jboss_core_services | * | any
redhat | jboss_data_grid | 7.0.0 | any
redhat | jboss_enterprise_application_platform | 6.0.0 | any
redhat | jboss_enterprise_application_platform | 7.0.0 | any
redhat | jboss_fuse | 6.0.0 | any
redhat | jboss_fuse | 7.0.0 | any
redhat | logging_subsystem_for_red_hat_openshift | * | any
redhat | machine_deletion_remediation_operator | * | any
redhat | migration_toolkit_for_applications | 6.0 | any
redhat | migration_toolkit_for_containers | * | any
redhat | migration_toolkit_for_virtualization | * | any
redhat | network_observability_operator | * | any
redhat | node_healthcheck_operator | * | any
redhat | node_maintenance_operator | * | any
redhat | openshift | * | any
redhat | openshift_api_for_data_protection | * | any
redhat | openshift_container_platform | 4.0 | any
redhat | openshift_container_platform_assisted_installer | * | any
redhat | openshift_data_science | * | any
redhat | openshift_dev_spaces | * | any
redhat | openshift_developer_tools_and_services | * | any
redhat | openshift_distributed_tracing | * | any
redhat | openshift_gitops | * | any
redhat | openshift_pipelines | * | any
redhat | openshift_sandboxed_containers | * | any
redhat | openshift_secondary_scheduler_operator | * | any
redhat | openshift_serverless | * | any
redhat | openshift_service_mesh | 2.0 | any
redhat | openshift_virtualization | 4 | any
redhat | openstack_platform | 16.1 | any
redhat | openstack_platform | 16.2 | any
redhat | openstack_platform | 17.1 | any
redhat | process_automation | 7.0 | any
redhat | quay | 3.0.0 | any
redhat | run_once_duration_override_operator | * | any
redhat | satellite | 6.0 | any
redhat | self_node_remediation_operator | * | any
redhat | service_interconnect | 1.0 | any
redhat | single_sign-on | 7.0 | any
redhat | support_for_spring_boot | * | any
redhat | web_terminal | * | any
redhat | enterprise_linux | 6.0 | any
redhat | enterprise_linux | 8.0 | any
redhat | enterprise_linux | 9.0 | any
redhat | service_telemetry_framework | 1.5 | any
redhat | enterprise_linux | 8.0 | any
fedoraproject | fedora | 37 | any
fedoraproject | fedora | 38 | any
netapp | astra_control_center | * | any
netapp | oncommand_insight | * | any
akka | http_server | * | <10.5.3
konghq | kong_gateway | * | <3.4.2
jenkins | jenkins | * | ≤2.414.2
jenkins | jenkins | * | ≤2.427
apache | solr | * | <9.4.0
openresty | openresty | * | <1.21.4.3
cisco | business_process_automation | * | <3.2.003.009
cisco | connected_mobile_experiences | * | <11.1
cisco | crosswork_data_gateway | * | <4.1.3
cisco | crosswork_data_gateway | * | ≥5.0.0 – <5.0.2
cisco | crosswork_situation_manager | * | any
cisco | crosswork_zero_touch_provisioning | * | <6.0.0
cisco | data_center_network_manager | * | any
cisco | enterprise_chat_and_email | * | any
cisco | expressway | * | <x14.3.3
cisco | firepower_threat_defense | * | <7.4.2
cisco | iot_field_network_director | * | <4.11.0
cisco | prime_access_registrar | * | <9.3.3
cisco | prime_cable_provisioning | * | <7.2.1
cisco | prime_infrastructure | * | <3.10.4
cisco | prime_network_registrar | * | <11.2
cisco | secure_dynamic_attributes_connector | * | <2.2.0
cisco | secure_malware_analytics | * | <2.19.2
cisco | telepresence_video_communication_server | * | <x14.3.3
cisco | ultra_cloud_core_-_policy_control_function | * | <2024.01.0
cisco | ultra_cloud_core_-_policy_control_function | 2024.01.0 | any
cisco | ultra_cloud_core_-_serving_gateway_function | * | <2024.02.0
cisco | ultra_cloud_core_-_session_management_function | * | <2024.02.0
cisco | unified_attendant_console_advanced | * | any
cisco | unified_contact_center_domain_manager | * | any
cisco | unified_contact_center_enterprise | * | any
cisco | unified_contact_center_enterprise_-_live_data_server | * | <12.6.2
cisco | unified_contact_center_management_portal | * | any
cisco | fog_director | * | <1.22
cisco | ios_xe | * | <17.15.1
cisco | ios_xr | * | <7.11.2
cisco | secure_web_appliance_firmware | * | <15.1.0
cisco | secure_web_appliance | * | any
cisco | nx-os | * | <10.2\(7\)
cisco | nx-os | * | ≥10.3\(1\) – <10.3\(5\)
cisco | nx-os | * | ≥10.4\(1\) – <10.4\(2\)
cisco | nexus_3016 | * | any
cisco | nexus_3016q | * | any
cisco | nexus_3048 | * | any
cisco | nexus_3064 | * | any
cisco | nexus_3064-32t | * | any
cisco | nexus_3064-t | * | any
cisco | nexus_3064-x | * | any
cisco | nexus_3064t | * | any
cisco | nexus_3064x | * | any
cisco | nexus_3100 | * | any
cisco | nexus_3100-v | * | any
cisco | nexus_3100-z | * | any
cisco | nexus_3100v | * | any
cisco | nexus_31108pc-v | * | any
cisco | nexus_31108pv-v | * | any
cisco | nexus_31108tc-v | * | any
cisco | nexus_31128pq | * | any
cisco | nexus_3132c-z | * | any
cisco | nexus_3132q | * | any
cisco | nexus_3132q-v | * | any
cisco | nexus_3132q-x | * | any
cisco | nexus_3132q-x\/3132q-xl | * | any
cisco | nexus_3132q-xl | * | any
cisco | nexus_3164q | * | any
cisco | nexus_3172 | * | any
cisco | nexus_3172pq | * | any
cisco | nexus_3172pq-xl | * | any
cisco | nexus_3172pq\/pq-xl | * | any
cisco | nexus_3172tq | * | any
cisco | nexus_3172tq-32t | * | any
cisco | nexus_3172tq-xl | * | any
cisco | nexus_3200 | * | any
cisco | nexus_3232 | * | any
cisco | nexus_3232c | * | any
cisco | nexus_3232c_ | * | any
cisco | nexus_3264c-e | * | any
cisco | nexus_3264q | * | any
cisco | nexus_3400 | * | any
cisco | nexus_3408-s | * | any
cisco | nexus_34180yc | * | any
cisco | nexus_34200yc-sm | * | any
cisco | nexus_3432d-s | * | any
cisco | nexus_3464c | * | any
cisco | nexus_3500 | * | any
cisco | nexus_3524 | * | any
cisco | nexus_3524-x | * | any
cisco | nexus_3524-x\/xl | * | any
cisco | nexus_3524-xl | * | any
cisco | nexus_3548 | * | any
cisco | nexus_3548-x | * | any
cisco | nexus_3548-x\/xl | * | any
cisco | nexus_3548-xl | * | any
cisco | nexus_3600 | * | any
cisco | nexus_36180yc-r | * | any
cisco | nexus_3636c-r | * | any
cisco | nx-os | * | <10.2\(7\)
cisco | nx-os | * | ≥10.3\(1\) – <10.3\(5\)
cisco | nx-os | * | ≥10.4\(1\) – <10.4\(2\)
cisco | nexus_9000v | * | any
cisco | nexus_9200 | * | any
cisco | nexus_9200yc | * | any
cisco | nexus_92160yc-x | * | any
cisco | nexus_92160yc_switch | * | any
cisco | nexus_9221c | * | any
cisco | nexus_92300yc | * | any
cisco | nexus_92300yc_switch | * | any
cisco | nexus_92304qc | * | any
cisco | nexus_92304qc_switch | * | any
cisco | nexus_9232e | * | any
cisco | nexus_92348gc-x | * | any
cisco | nexus_9236c | * | any
cisco | nexus_9236c_switch | * | any
cisco | nexus_9272q | * | any
cisco | nexus_9272q_switch | * | any
cisco | nexus_9300 | * | any
cisco | nexus_93108tc-ex | * | any
cisco | nexus_93108tc-ex-24 | * | any
cisco | nexus_93108tc-ex_switch | * | any
cisco | nexus_93108tc-fx | * | any
cisco | nexus_93108tc-fx-24 | * | any
cisco | nexus_93108tc-fx3h | * | any
cisco | nexus_93108tc-fx3p | * | any
cisco | nexus_93120tx | * | any
cisco | nexus_93120tx_switch | * | any
cisco | nexus_93128 | * | any
cisco | nexus_93128tx | * | any
cisco | nexus_93128tx_switch | * | any
cisco | nexus_9316d-gx | * | any
cisco | nexus_93180lc-ex | * | any
cisco | nexus_93180lc-ex_switch | * | any
cisco | nexus_93180tc-ex | * | any
cisco | nexus_93180yc-ex | * | any
cisco | nexus_93180yc-ex-24 | * | any
cisco | nexus_93180yc-ex_switch | * | any
cisco | nexus_93180yc-fx | * | any
cisco | nexus_93180yc-fx-24 | * | any
cisco | nexus_93180yc-fx3 | * | any
cisco | nexus_93180yc-fx3h | * | any
cisco | nexus_93180yc-fx3s | * | any
cisco | nexus_93216tc-fx2 | * | any
cisco | nexus_93240tc-fx2 | * | any
cisco | nexus_93240yc-fx2 | * | any
cisco | nexus_9332c | * | any
cisco | nexus_9332d-gx2b | * | any
cisco | nexus_9332d-h2r | * | any
cisco | nexus_9332pq | * | any
cisco | nexus_9332pq_switch | * | any
cisco | nexus_93360yc-fx2 | * | any
cisco | nexus_9336c-fx2 | * | any
cisco | nexus_9336c-fx2-e | * | any
cisco | nexus_9336pq | * | any
cisco | nexus_9336pq_aci | * | any
cisco | nexus_9336pq_aci_spine | * | any
cisco | nexus_9336pq_aci_spine_switch | * | any
cisco | nexus_9348d-gx2a | * | any
cisco | nexus_9348gc-fx3 | * | any
cisco | nexus_9348gc-fxp | * | any
cisco | nexus_93600cd-gx | * | any
cisco | nexus_9364c | * | any
cisco | nexus_9364c-gx | * | any
cisco | nexus_9364d-gx2a | * | any
cisco | nexus_9372px | * | any
cisco | nexus_9372px-e | * | any
cisco | nexus_9372px-e_switch | * | any
cisco | nexus_9372px_switch | * | any
cisco | nexus_9372tx | * | any
cisco | nexus_9372tx-e | * | any
cisco | nexus_9372tx-e_switch | * | any
cisco | nexus_9372tx_switch | * | any
cisco | nexus_9396px | * | any
cisco | nexus_9396px_switch | * | any
cisco | nexus_9396tx | * | any
cisco | nexus_9396tx_switch | * | any
cisco | nexus_9408 | * | any
cisco | nexus_9432pq | * | any
cisco | nexus_9500 | * | any
cisco | nexus_9500_16-slot | * | any
cisco | nexus_9500_4-slot | * | any
cisco | nexus_9500_8-slot | * | any
cisco | nexus_9500_supervisor_a | * | any
cisco | nexus_9500_supervisor_a\+ | * | any
cisco | nexus_9500_supervisor_b | * | any
cisco | nexus_9500_supervisor_b\+ | * | any
cisco | nexus_9500r | * | any
cisco | nexus_9504 | * | any
cisco | nexus_9504_switch | * | any
cisco | nexus_9508 | * | any
cisco | nexus_9508_switch | * | any
cisco | nexus_9516 | * | any
cisco | nexus_9516_switch | * | any
cisco | nexus_9536pq | * | any
cisco | nexus_9636pq | * | any
cisco | nexus_9716d-gx | * | any
cisco | nexus_9736pq | * | any
cisco | nexus_9800 | * | any
cisco | nexus_9804 | * | any
cisco | nexus_9808 | * | any

References 173

  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/10/6
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/10/7
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/13/4
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/13/9
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/18/4
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/18/8
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/19/6
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/20/8
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2025/08/13/6
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/security/cve/cve-2023-44487
    Vendor Advisory
  • arstechnica.com https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
    Press/Media Coverage, Third Party Advisory
  • aws.amazon.com https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
    Third Party Advisory
  • blog.cloudflare.com https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
    Technical Description, Vendor Advisory
  • blog.cloudflare.com https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
    Third Party Advisory, Vendor Advisory
  • blog.litespeedtech.com https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
    Vendor Advisory
  • blog.qualys.com https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
    Press/Media Coverage, Third Party Advisory
  • blog.vespa.ai https://blog.vespa.ai/cve-2023-44487/
    Vendor Advisory
  • bugzilla.proxmox.com https://bugzilla.proxmox.com/show_bug.cgi?id=4988
    Issue Tracking, Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2242803
    Issue Tracking, Vendor Advisory
  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=1216123
    Issue Tracking, Vendor Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-082556.html
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-341067.html
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-784301.html
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-832273.html
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-915275.html
    Third Party Advisory
  • cgit.freebsd.org https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
    Mailing List, Patch, Vendor Advisory
  • cloud.google.com https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
    Technical Description, Vendor Advisory
  • cloud.google.com https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
    Technical Description, Vendor Advisory
  • community.traefik.io https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
    Vendor Advisory
  • discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
    Third Party Advisory
  • edg.io https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
    Broken Link
  • forums.swift.org https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
    Vendor Advisory
  • gist.github.com https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
    Issue Tracking, Patch
  • github.com https://github.com/Azure/AKS/issues/3947
    Issue Tracking
  • github.com https://github.com/Kong/kong/discussions/11741
    Issue Tracking
  • github.com https://github.com/advisories/GHSA-qppj-fm5r-hxr3
    Vendor Advisory
  • github.com https://github.com/advisories/GHSA-vx74-f528-fxqg
    Mitigation, Patch, Vendor Advisory
  • github.com https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
    Patch, Vendor Advisory
  • github.com https://github.com/akka/akka-http/issues/4323
    Issue Tracking
  • github.com https://github.com/alibaba/tengine/issues/1872
    Issue Tracking
  • github.com https://github.com/apache/apisix/issues/10320
    Issue Tracking
  • github.com https://github.com/apache/httpd-site/pull/10
    Issue Tracking
  • github.com https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
    Product
  • github.com https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
    Product, Third Party Advisory
  • github.com https://github.com/apache/trafficserver/pull/10564
    Issue Tracking, Patch
  • github.com https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
    Vendor Advisory
  • github.com https://github.com/bcdannyboy/CVE-2023-44487
    Third Party Advisory
  • github.com https://github.com/caddyserver/caddy/issues/5877
    Issue Tracking, Vendor Advisory
  • github.com https://github.com/caddyserver/caddy/releases/tag/v2.7.5
    Release Notes, Third Party Advisory
  • github.com https://github.com/dotnet/announcements/issues/277
    Issue Tracking, Mitigation, Vendor Advisory
  • github.com https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
    Product, Release Notes
  • github.com https://github.com/eclipse/jetty.project/issues/10679
    Issue Tracking
  • github.com https://github.com/envoyproxy/envoy/pull/30055
    Issue Tracking, Patch
  • github.com https://github.com/etcd-io/etcd/issues/16740
    Issue Tracking, Patch
  • github.com https://github.com/facebook/proxygen/pull/466
    Issue Tracking, Patch
  • github.com https://github.com/golang/go/issues/63417
    Issue Tracking
  • github.com https://github.com/grpc/grpc-go/pull/6703
    Issue Tracking, Patch
  • github.com https://github.com/grpc/grpc/releases/tag/v1.59.2
    Mailing List
  • github.com https://github.com/h2o/h2o/pull/3291
    Issue Tracking, Patch
  • github.com https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
    Vendor Advisory
  • github.com https://github.com/haproxy/haproxy/issues/2312
    Issue Tracking
  • github.com https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
    Product
  • github.com https://github.com/junkurihara/rust-rpxy/issues/97
    Issue Tracking
  • github.com https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
    Patch
  • github.com https://github.com/kazu-yamamoto/http2/issues/93
    Issue Tracking
  • github.com https://github.com/kubernetes/kubernetes/pull/121120
    Issue Tracking, Patch
  • github.com https://github.com/line/armeria/pull/5232
    Issue Tracking, Patch
  • github.com https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
    Patch
  • github.com https://github.com/micrictor/http2-rst-stream
    Exploit, Third Party Advisory
  • github.com https://github.com/microsoft/CBL-Mariner/pull/6381
    Issue Tracking, Patch
  • github.com https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
    Patch
  • github.com https://github.com/nghttp2/nghttp2/pull/1961
    Issue Tracking, Patch
  • github.com https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
    Release Notes
  • github.com https://github.com/ninenines/cowboy/issues/1615
    Issue Tracking
  • github.com https://github.com/nodejs/node/pull/50121
    Issue Tracking
  • github.com https://github.com/openresty/openresty/issues/930
    Issue Tracking
  • github.com https://github.com/opensearch-project/data-prepper/issues/3474
    Issue Tracking, Patch
  • github.com https://github.com/oqtane/oqtane.framework/discussions/3367
    Issue Tracking
  • github.com https://github.com/projectcontour/contour/pull/5826
    Issue Tracking, Patch
  • github.com https://github.com/tempesta-tech/tempesta/issues/1986
    Issue Tracking
  • github.com https://github.com/varnishcache/varnish-cache/issues/3996
    Issue Tracking
  • groups.google.com https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
    Mailing List, Release Notes, Vendor Advisory
  • istio.io https://istio.io/latest/news/security/istio-security-2023-004/
    Vendor Advisory
  • linkerd.io https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
    Vendor Advisory
  • lists.apache.org https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
    Mailing List
  • lists.w3.org https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
    Mailing List, Third Party Advisory
  • mailman.nginx.org https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
    Mailing List, Patch, Third Party Advisory
  • martinthomson.github.io https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
    Third Party Advisory
  • msrc.microsoft.com https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
    Patch, Vendor Advisory
  • msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
    Mitigation, Patch, Vendor Advisory
  • my.f5.com https://my.f5.com/manage/s/article/K000137106
    Vendor Advisory
  • netty.io https://netty.io/news/2023/10/10/4-1-100-Final.html
    Release Notes, Vendor Advisory
  • news.ycombinator.com https://news.ycombinator.com/item?id=37830987
    Issue Tracking
  • news.ycombinator.com https://news.ycombinator.com/item?id=37830998
    Issue Tracking, Press/Media Coverage
  • news.ycombinator.com https://news.ycombinator.com/item?id=37831062
    Issue Tracking
  • news.ycombinator.com https://news.ycombinator.com/item?id=37837043
    Issue Tracking
  • openssf.org https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
    Third Party Advisory
  • seanmonstar.com https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
    Third Party Advisory
  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
    Vendor Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202311-09
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20231016-0001/
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20240426-0007/
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20240621-0006/
    Exploit, Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20240621-0007/
    Third Party Advisory
  • security.paloaltonetworks.com https://security.paloaltonetworks.com/CVE-2023-44487
    Vendor Advisory
  • tomcat.apache.org https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
    Release Notes
  • ubuntu.com https://ubuntu.com/security/CVE-2023-44487
    Vendor Advisory
  • bleepingcomputer.com https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487
    US Government Resource
  • cisa.gov https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
    Third Party Advisory, US Government Resource
  • darkreading.com https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
    Press/Media Coverage, Third Party Advisory
  • debian.org https://www.debian.org/security/2023/dsa-5521
    Mailing List, Vendor Advisory
  • debian.org https://www.debian.org/security/2023/dsa-5522
    Mailing List, Vendor Advisory
  • debian.org https://www.debian.org/security/2023/dsa-5540
    Mailing List, Third Party Advisory
  • debian.org https://www.debian.org/security/2023/dsa-5549
    Mailing List, Third Party Advisory
  • debian.org https://www.debian.org/security/2023/dsa-5558
    Mailing List, Third Party Advisory
  • debian.org https://www.debian.org/security/2023/dsa-5570
    Third Party Advisory
  • haproxy.com https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
    Third Party Advisory, Vendor Advisory
  • netlify.com https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
    Vendor Advisory
  • nginx.com https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
    Mitigation, Vendor Advisory
  • openwall.com https://www.openwall.com/lists/oss-security/2023/10/10/6
    Mailing List, Third Party Advisory
  • phoronix.com https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
    Press/Media Coverage
  • theregister.com https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
    Press/Media Coverage, Third Party Advisory
  • vicarius.io https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
    Third Party Advisory

Remediation

  • cgit.freebsd.org https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
    Mailing List, Patch, Vendor Advisory
  • gist.github.com https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
    Issue Tracking, Patch
  • github.com https://github.com/advisories/GHSA-vx74-f528-fxqg
    Mitigation, Patch, Vendor Advisory
  • github.com https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
    Patch, Vendor Advisory
  • github.com https://github.com/apache/trafficserver/pull/10564
    Issue Tracking, Patch
  • github.com https://github.com/envoyproxy/envoy/pull/30055
    Issue Tracking, Patch
  • github.com https://github.com/etcd-io/etcd/issues/16740
    Issue Tracking, Patch
  • github.com https://github.com/facebook/proxygen/pull/466
    Issue Tracking, Patch
  • github.com https://github.com/grpc/grpc-go/pull/6703
    Issue Tracking, Patch
  • github.com https://github.com/h2o/h2o/pull/3291
    Issue Tracking, Patch
  • github.com https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
    Patch
  • github.com https://github.com/kubernetes/kubernetes/pull/121120
    Issue Tracking, Patch
  • github.com https://github.com/line/armeria/pull/5232
    Issue Tracking, Patch
  • github.com https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
    Patch
  • github.com https://github.com/microsoft/CBL-Mariner/pull/6381
    Issue Tracking, Patch
  • github.com https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
    Patch
  • github.com https://github.com/nghttp2/nghttp2/pull/1961
    Issue Tracking, Patch
  • github.com https://github.com/opensearch-project/data-prepper/issues/3474
    Issue Tracking, Patch
  • github.com https://github.com/projectcontour/contour/pull/5826
    Issue Tracking, Patch
  • mailman.nginx.org https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
    Mailing List, Patch, Third Party Advisory
  • msrc.microsoft.com https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
    Patch, Vendor Advisory
  • msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
    Mitigation, Patch, Vendor Advisory