Vulnerability Details: CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Vulnerability category: Denial of service
Products affected by CVE-2023-44487
- cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*
- cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
- cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:swiftnio_http\/2:*:*:*:*:*:swift:*:*
- F5 » Big-ip Local Traffic Manager, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Local Traffic Manager, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Local Traffic Manager, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Local Traffic Manager, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic Manager, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic Manager, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic Manager, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic Manager, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Application Security Manager, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security Manager, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security Manager, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security Manager, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy Manager, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy Manager, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy Manager, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy Manager, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration Manager, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration Manager, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration Manager, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration Manager, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall Manager, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall Manager, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall Manager, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall Manager, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement Manager, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement Manager, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement Manager, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement Manager, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Domain Name System, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
- F5 » Big-ip Domain Name System, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
- F5 » Big-ip Domain Name System, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
- F5 » Big-ip Domain Name System, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Fraud Protection Service, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
- F5 » Big-ip Fraud Protection Service, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
- F5 » Big-ip Fraud Protection Service, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
- F5 » Big-ip Fraud Protection Service, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Application Visibility And Reporting, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Visibility And Reporting, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Visibility And Reporting, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Visibility And Reporting, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Web Application Firewall, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Web Application Firewall, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Web Application Firewall, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Web Application Firewall, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Ddos Hybrid Defender, versions >= 14.1.0 and <= 14.1.5: cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
- F5 » Big-ip Ddos Hybrid Defender, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
- F5 » Big-ip Ddos Hybrid Defender, versions >= 16.1.0 and <= 16.1.4: cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
- F5 » Big-ip Ddos Hybrid Defender, versions >= 13.1.0 and <= 13.1.5: cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
- F5 » Big-ip Carrier-grade Nat, versions >= 15.1.0 and <= 15.1.10: cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
- F5 » Big-ip Next Service Proxy For Kubernetes, versions >= 1.5.0 and <= 1.8.2: cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*
- cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
- cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*
- cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*
- cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
- cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
- cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*
- cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*
- cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*
- cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*
- cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*
- cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*
- cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*
- cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*
- cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
- cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
- cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
- cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
- cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*
- cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*
- cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*
- cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
- cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
- cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*
- Linkerd » Linkerd » Stable Edition For Kubernetes, versions >= 2.12.0 and <= 2.12.5: cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*
- cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*
- cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*
- cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*
- cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*
CVE-2023-44487 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: HTTP/2 Rapid Reset Attack Vulnerability
CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-
Added on: 2023-10-10
Action due date: 2023-10-31
Exploit prediction scoring system (EPSS) score for CVE-2023-44487
- EPSS score: 80.09% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~ 99 % (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-44487
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-01 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | N/A | N/A | RedHat-CVE-2023-44487 | |
CWE ids for CVE-2023-44487
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-44487
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
[SECURITY] Fedora 37 Update: folly-2023.10.16.00-1.fc37 - package-announce - Fedora Mailing-Lists
-
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
Merge pull request from GHSA-xpw8-rcwv-8f8p · netty/netty@58f75f6 · GitHubPatch
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
[SECURITY] Fedora 38 Update: mod_http2-2.0.25-1.fc38 - package-announce - Fedora Mailing-Lists
-
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
ATS is vulnerable to a HTTP/2 and s3 auth plugin attacks-Apache Mail ArchivesMailing List
-
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
ver bump up · kazu-yamamoto/http2@f61d41a · GitHubPatch
-
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
HTTP/2 "Rapid Reset" DDoS Attack Disclosed By Google, Cloudflare & AWS - PhoronixPress/Media Coverage
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
[SECURITY] Fedora 38 Update: mcrouter-0.41.0.20231016-1.fc38 - package-announce - Fedora Mailing-Lists
-
https://github.com/apache/apisix/issues/10320
help request: What's the action for CVE-2023-44487 ? · Issue #10320 · apache/apisix · GitHubIssue Tracking
-
https://security.paloaltonetworks.com/CVE-2023-44487
CVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)Vendor Advisory
-
https://my.f5.com/manage/s/article/K000137106
HTTP/2 vulnerability CVE-2023-44487Vendor Advisory
-
https://www.debian.org/security/2023/dsa-5522
Debian -- Security Information -- DSA-5522-1 tomcat9Vendor Advisory
-
https://istio.io/latest/news/security/istio-security-2023-004/
Istio / ISTIO-SECURITY-2023-004Vendor Advisory
-
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISAThird Party Advisory;US Government Resource
-
https://chaos.social/@icing/111210915918780532
Stefan Eissing: "More details: httpd keeps a „m…" - chaos.social
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
[SECURITY] Fedora 39 Update: mod_http2-2.0.25-1.fc39 - package-announce - Fedora Mailing-ListsMailing List
-
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
HTTP/2 Rapid Reset Attack Impacting NGINX Products - NGINXMitigation;Vendor Advisory
-
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
Release nghttp2 v1.57.0 · nghttp2/nghttp2 · GitHubRelease Notes
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
[SECURITY] Fedora 37 Update: trafficserver-9.2.3-1.fc37 - package-announce - Fedora Mailing-ListsMailing List
-
https://news.ycombinator.com/item?id=37831062
Google mitigated the largest DDoS attack to date, peaking above 398M rps | Hacker NewsIssue Tracking
-
https://github.com/ninenines/cowboy/issues/1615
Is Cowboy affected by the HTTP/2 Rapid Reset attack? · Issue #1615 · ninenines/cowboy · GitHubIssue Tracking
-
https://github.com/microsoft/CBL-Mariner/pull/6381
Fix for nginx and golang for CVE-2023-44487 by ddstreetmicrosoft · Pull Request #6381 · microsoft/CBL-Mariner · GitHubIssue Tracking;Patch
-
https://github.com/hyperium/hyper/issues/3337
Pick a default for HTTP/2 server max concurrent streams · Issue #3337 · hyperium/hyper · GitHub
-
https://www.debian.org/security/2023/dsa-5521
Debian -- Security Information -- DSA-5521-1 tomcat10Vendor Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=1216123
1216123 – (CVE-2023-44487) VUL-0: CVE-2023-44487: TRACKER-BUG: HTTP/2 Rapid Reset AttackIssue Tracking;Vendor Advisory
-
https://github.com/line/armeria/pull/5232
Limit max reset frames to mitigate HTTP/2 RST floods by ikhoon · Pull Request #5232 · line/armeria · GitHubIssue Tracking;Patch
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
[SECURITY] Fedora 39 Update: nghttp2-1.55.1-4.fc39 - package-announce - Fedora Mailing-Lists
-
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
[SECURITY] [DLA 3656-1] netty security updateMailing List
-
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
CVE-2023-44487 - Security Update Guide - Microsoft - MITRE: CVE-2023-44487 HTTP/2 Rapid Reset AttackMitigation;Patch;Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
[SECURITY] Fedora 38 Update: nghttp2-1.52.0-2.fc38 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://github.com/facebook/proxygen/pull/466
Re-sync with internal repository following CVE-2023-44487 by facebook-github-bot · Pull Request #466 · facebook/proxygen · GitHubIssue Tracking;Patch
-
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
Rapid Reset HTTP/2 Vulnerablilty ⋆ LiteSpeed BlogVendor Advisory
-
https://access.redhat.com/security/cve/cve-2023-44487
CVE-2023-44487- Red Hat Customer PortalVendor Advisory
-
https://github.com/caddyserver/caddy/issues/5877
HTTP/2 Rapid Reset : CVE-2023-44487 · Issue #5877 · caddyserver/caddy · GitHubIssue Tracking;Vendor Advisory
-
https://github.com/envoyproxy/envoy/pull/30055
http: Fix CVE CVE-2023-44487 by phlax · Pull Request #30055 · envoyproxy/envoy · GitHubIssue Tracking;Patch
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
[SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37 - package-announce - Fedora Mailing-ListsMailing List
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
[SECURITY] Fedora 39 Update: nodejs20-20.8.1-1.fc39 - package-announce - Fedora Mailing-Lists
-
https://github.com/apache/trafficserver/pull/10564
Add an HTTP/2 related rate limiting by maskit · Pull Request #10564 · apache/trafficserver · GitHubIssue Tracking;Patch
-
http://www.openwall.com/lists/oss-security/2023/10/18/8
oss-security - Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementationsMailing List;Third Party Advisory
-
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
Rapid Reset (CVE-2023-44487) - DoS in HTTP/2 - Understanding the root cause - vsocietyThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
[SECURITY] Fedora 37 Update: mod_http2-2.0.25-1.fc37 - package-announce - Fedora Mailing-ListsMailing List
-
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
Using HTTP/3 Stream Limits in HTTP/2Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
[SECURITY] Fedora 37 Update: nodejs18-18.18.2-1.fc37 - package-announce - Fedora Mailing-Lists
-
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
Prague side meeting: HTTP/2 concurrency and request cancellation (CVE-2023-44487) from Mark Nottingham on 2023-10-10 (ietf-http-wg@w3.org from October to December 2023)Mailing List;Third Party Advisory
-
https://github.com/advisories/GHSA-vx74-f528-fxqg
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset · GHSA-vx74-f528-fxqg · GitHub Advisory Database · GitHubMitigation;Patch
-
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
PoC/CVE-2023-44487 at main · arkrwn/PoC · GitHub [Vendor Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
[SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38 - package-announce - Fedora Mailing-Lists
-
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
ports - FreeBSD ports tree [Mailing List; Patch; Vendor Advisory]
-
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS yet • The Register [Press/Media Coverage; Third Party Advisory]
-
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
How Linkerd became resilient to CVE-2023-44487, a HTTP/2 DDOS vulnerability, six months prior to its disclosure | Linkerd [Vendor Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
[SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
initial draft of CVE-2023-44487 blog post by wmorgan · Pull Request #1695 · linkerd/website · GitHub [Patch]
-
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
[SECURITY] [DLA 3641-1] jetty9 security update [Mailing List]
-
https://github.com/tempesta-tech/tempesta/issues/1986
HTTP/2 Rapid Reset DDoS Mitigaton · Issue #1986 · tempesta-tech/tempesta · GitHub [Issue Tracking]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
[SECURITY] Fedora 39 Update: nodejs20-20.8.1-1.fc39 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/projectcontour/contour/pull/5826
Set stream limits for HTTP2 protocol - CVE CVE-2023-44487 by akshaysngupta · Pull Request #5826 · projectcontour/contour · GitHub [Issue Tracking; Patch]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
[SECURITY] Fedora 39 Update: nghttp2-1.55.1-4.fc39 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
[SECURITY] Fedora 39 Update: trafficserver-9.2.3-1.fc39 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://blog.vespa.ai/cve-2023-44487/
HTTP/2 Rapid Reset (CVE-2023-44487) | Vespa Blog [Vendor Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
[SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
Google Cloud mitigated largest DDoS attack, peaking above 398 million rps | Google Cloud Blog [Technical Description; Vendor Advisory]
-
http://www.openwall.com/lists/oss-security/2023/10/13/4
oss-security - Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations [Mailing List; Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
[SECURITY] Fedora 39 Update: nodejs18-18.18.2-1.fc39 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/golang/go/issues/63417
net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) · Issue #63417 · golang/go · GitHub [Issue Tracking]
-
https://github.com/eclipse/jetty.project/issues/10679
Allow HTTP/2 rate control to mitigate HTTP/2 floods (CVE-2023-44487) · Issue #10679 · eclipse/jetty.project · GitHub [Issue Tracking]
-
https://www.openwall.com/lists/oss-security/2023/10/10/6
oss-security - CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations [Mailing List; Third Party Advisory]
-
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
[SECURITY] [DLA 3617-2] tomcat9 regression update [Mailing List]
-
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
HTTP/2 Rapid Reset: deconstructing the record-breaking attack [Technical Description; Vendor Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
[SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37 - package-announce - Fedora Mailing-Lists
-
https://github.com/alibaba/tengine/issues/1872
CVE-2023-44487: HTTP/2 Rapid Reset Attack · Issue #1872 · alibaba/tengine · GitHub [Issue Tracking]
-
https://security.netapp.com/advisory/ntap-20240621-0007/
May 2024 IBM Cognos Analytics Vulnerabilities in NetApp Products | NetApp Product Security [Third Party Advisory]
-
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks [Vendor Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
[SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
Biggest DDoSes of all time generated by protocol 0-day in HTTP/2 | Ars Technica [Press/Media Coverage; Third Party Advisory]
-
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
Resets, Leaks, DDoS and the Tale of a Hidden CVE - Edgio [Technical Description; Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
[SECURITY] Fedora 38 Update: nghttp2-1.52.0-2.fc38 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/openresty/openresty/issues/930
CVE-2023-44487 issue/fix? · Issue #930 · openresty/openresty · GitHub [Issue Tracking]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
[SECURITY] Fedora 38 Update: trafficserver-9.2.3-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
CVE-2023-44487 - HTTP/2 Rapid Reset Attack [Third Party Advisory]
-
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
mod_h2/mod_http2/README.md at 0a864782af0a942aa2ad4ed960a6b32cd35bcf0a · icing/mod_h2 · GitHub [Product]
-
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
HTTP/2 Rapid Reset DDoS Attack · GitHub [Patch]
-
https://news.ycombinator.com/item?id=37830987
The novel HTTP/2 'Rapid Reset' DDoS attack | Hacker News [Issue Tracking]
-
https://github.com/micrictor/http2-rst-stream
GitHub - micrictor/http2-rst-stream [Exploit; Third Party Advisory]
-
https://github.com/akka/akka-http/issues/4323
CVE-2023-44487 · Issue #4323 · akka/akka-http · GitHub [Issue Tracking]
-
http://www.openwall.com/lists/oss-security/2023/10/19/6
oss-security - CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST [Mailing List; Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
[SECURITY] Fedora 39 Update: trafficserver-9.2.3-1.fc39 - package-announce - Fedora Mailing-Lists
-
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
[SECURITY] [DLA 3621-1] nghttp2 security update [Mailing List]
-
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records [Third Party Advisory]
-
http://www.openwall.com/lists/oss-security/2023/10/13/9
oss-security - Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations [Mailing List; Third Party Advisory]
-
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
Is Traefik vulnerable to CVE-2023-44487? - Traefik / Traefik v2 (latest) - Traefik Labs Community Forum [Vendor Advisory]
-
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
Swift-nio-http2 security update: CVE-2023-44487 HTTP/2 DOS - Related Projects / SwiftNIO - Swift Forums [Vendor Advisory]
-
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487) - Security - HashiCorp Discuss [Third Party Advisory]
-
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
2242803 – (CVE-2023-44487) CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack [Issue Tracking; Vendor Advisory]
-
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
core/release-notes/6.0/6.0.23/6.0.23.md at e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec · dotnet/core · GitHub [Release Notes]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
[SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39 - package-announce - Fedora Mailing-Lists
-
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
[PATCH] HTTP/2: per-iteration stream handling limit [Mailing List; Patch; Third Party Advisory]
-
https://github.com/etcd-io/etcd/issues/16740
Resolve CVE-2023-44487 · Issue #16740 · etcd-io/etcd · GitHub [Issue Tracking; Patch]
-
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
[SECURITY] [DLA 3638-1] h2o security update [Mailing List]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
[SECURITY] Fedora 38 Update: nodejs18-18.18.2-1.fc38 - package-announce - Fedora Mailing-Lists
-
https://github.com/grpc/grpc-go/pull/6703
server: prohibit more than MaxConcurrentStreams handlers from running at once by dfawley · Pull Request #6703 · grpc/grpc-go · GitHub [Issue Tracking; Patch]
-
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
tomcat/java/org/apache/coyote/http2 at main · apache/tomcat · GitHub [Product]
-
https://github.com/kubernetes/kubernetes/pull/121120
Prevent rapid reset http2 DOS on API server by enj · Pull Request #121120 · kubernetes/kubernetes · GitHub [Issue Tracking; Patch]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
[SECURITY] Fedora 38 Update: nodejs18-18.18.2-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
[SECURITY] [DLA 3645-1] trafficserver security update [Mailing List]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
[SECURITY] Fedora 39 Update: nodejs18-18.18.2-1.fc39 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
[SECURITY] Fedora 37 Update: nghttp2-1.51.0-2.fc37 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
[SECURITY] Fedora 38 Update: nodejs20-20.8.1-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/opensearch-project/data-prepper/issues/3474
CVE-2023-44487 (High) detected in multiple libraries · Issue #3474 · opensearch-project/data-prepper · GitHub [Issue Tracking; Patch]
-
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
Netlify Successfully Mitigates CVE-2023-44487 [Vendor Advisory]
-
https://www.debian.org/security/2023/dsa-5540
Debian -- Security Information -- DSA-5540-1 jetty9 [Third Party Advisory]
-
https://github.com/Kong/kong/discussions/11741
HTTP2 Rapid Reset - CVE-2023-44487 · Kong/kong · Discussion #11741 · GitHub [Issue Tracking]
-
https://github.com/haproxy/haproxy/issues/2312
h2 RST bug aka CVE-2023-44487 · Issue #2312 · haproxy/haproxy · GitHub [Issue Tracking]
-
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
[SECURITY] [DLA 3617-1] tomcat9 security update [Mailing List]
-
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack | Google Cloud Blog [Technical Description; Vendor Advisory]
-
https://github.com/h2o/h2o/pull/3291
[http2] rapid reset attack by kazuho · Pull Request #3291 · h2o/h2o · GitHub [Issue Tracking; Patch]
-
https://security.gentoo.org/glsa/202311-09
Go: Multiple Vulnerabilities (GLSA 202311-09) — Gentoo security [Third Party Advisory]
-
https://github.com/nghttp2/nghttp2/pull/1961
Rework session management by tatsuhiro-t · Pull Request #1961 · nghttp2/nghttp2 · GitHub [Issue Tracking; Patch]
-
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
hyper HTTP/2 Rapid Reset Attack: Unaffected - seanmonstar [Third Party Advisory]
-
https://security.netapp.com/advisory/ntap-20240621-0006/
February 2024 IBM Cognos Analytics Vulnerabilities in NetApp Products | NetApp Product Security [Third Party Advisory]
-
https://security.netapp.com/advisory/ntap-20231016-0001/
CVE-2023-44487 HTTP/2 Vulnerability in NetApp Products | NetApp Product Security [Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
[SECURITY] Fedora 38 Update: mcrouter-0.41.0.20231016-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event [Press/Media Coverage; Third Party Advisory]
-
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
[security] Go 1.21.3 and Go 1.20.10 are released [Mailing List; Vendor Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
[SECURITY] Fedora 38 Update: trafficserver-9.2.3-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
[SECURITY] Fedora 37 Update: nghttp2-1.51.0-2.fc37 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/apache/httpd-site/pull/10
Document non-impact of CVE-2023-44487 by raboof · Pull Request #10 · apache/httpd-site · GitHub [Issue Tracking]
-
http://www.openwall.com/lists/oss-security/2023/10/20/8
oss-security - Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations [Mailing List]
-
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
httpd/modules/http2/h2_mplx.c at afcdbeebbff4b0c50ea26cdd16e178c0d1f24152 · apache/httpd · GitHub [Product]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
[SECURITY] Fedora 37 Update: folly-2023.10.16.00-1.fc37 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/dotnet/announcements/issues/277
Microsoft Security Advisory CVE-2023-44487: .NET Denial of Service Vulnerability · Issue #277 · dotnet/announcements · GitHub [Mitigation; Vendor Advisory]
-
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
HTTP/2 Rapid Reset Vulnerability Highlights Need for Rapid Response - Open Source Security Foundation [Third Party Advisory]
-
https://news.ycombinator.com/item?id=37837043
HAProxy is not affected by the HTTP/2 Rapid Reset Attack | Hacker News [Issue Tracking]
-
https://netty.io/news/2023/10/10/4-1-100-Final.html
Netty.news: Netty 4.1.100.Final released [Release Notes; Vendor Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
[SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37 - package-announce - Fedora Mailing-Lists
-
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
Apache Tomcat® - Apache Tomcat 10 vulnerabilities [Release Notes]
-
https://github.com/kazu-yamamoto/http2/issues/93
Does this recent http2 CVE affect this package? · Issue #93 · kazu-yamamoto/http2 · GitHub [Issue Tracking]
-
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack · CVE-2023-44487 · GitHub Advisory Database · GitHub [Vendor Advisory]
-
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 | MSRC Blog | Microsoft Security Response Center [Patch; Vendor Advisory]
-
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack · GHSA-xpw8-rcwv-8f8p · GitHub Advisory Database · GitHub [Patch; Vendor Advisory]
-
https://github.com/bcdannyboy/CVE-2023-44487
GitHub - bcdannyboy/CVE-2023-44487: Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487 [Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
[SECURITY] Fedora 38 Update: nodejs20-20.8.1-1.fc38 - package-announce - Fedora Mailing-Lists
-
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
4988 – HTTP/2 Rapid Reset : CVE-2023-44487 [Issue Tracking; Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
[SECURITY] Fedora 38 Update: mod_http2-2.0.25-1.fc38 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/Azure/AKS/issues/3947
CVE-2023-44487: Distributed Denial of Service (DDoS) Attacks against HTTP/2 · Issue #3947 · Azure/AKS · GitHub [Issue Tracking]
-
https://www.debian.org/security/2023/dsa-5570
Debian -- Security Information -- DSA-5570-1 nghttp2 [Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
[SECURITY] Fedora 37 Update: trafficserver-9.2.3-1.fc37 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://www.debian.org/security/2023/dsa-5558
Debian -- Security Information -- DSA-5558-1 netty [Third Party Advisory]
-
https://github.com/junkurihara/rust-rpxy/issues/97
[Announcement] CVE-2023-44487 (HTTP/2 Rapid Reset Attack) does not affect `rpxy` · Issue #97 · junkurihara/rust-rpxy · GitHub [Issue Tracking]
-
https://github.com/oqtane/oqtane.framework/discussions/3367
.NET 7 security vulernability Kestrel Server HTTP/2 · oqtane/oqtane.framework · Discussion #3367 · GitHub [Issue Tracking]
-
https://news.ycombinator.com/item?id=37830998
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks | Hacker News [Issue Tracking; Press/Media Coverage]
-
https://github.com/varnishcache/varnish-cache/issues/3996
Handling of CVE-2023-44487 / HTTP2 Rapid Reset · Issue #3996 · varnishcache/varnish-cache · GitHub [Issue Tracking]
-
https://ubuntu.com/security/CVE-2023-44487
CVE-2023-44487 | Ubuntu [Vendor Advisory]
-
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
HTTP/2 Rapid Reset · Advisory · h2o/h2o · GitHub [Vendor Advisory]
-
https://security.netapp.com/advisory/ntap-20240426-0007/
CVE-2023-44487 MySQL Cluster Vulnerability in NetApp Products | NetApp Product Security [Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
[SECURITY] Fedora 37 Update: nodejs18-18.18.2-1.fc37 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/nodejs/node/pull/50121
deps: update nghttp2 to 1.57.0 by jasnell · Pull Request #50121 · nodejs/node · GitHub [Issue Tracking]
-
https://www.debian.org/security/2023/dsa-5549
Debian -- Security Information -- DSA-5549-1 trafficserver [Third Party Advisory]
-
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
CVE-2023-44487 HTTP/2 Rapid Reset Attack | Qualys Security Blog [Press/Media Coverage; Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
[SECURITY] Fedora 39 Update: mvfst-2023.10.16.00-1.fc39 - package-announce - Fedora Mailing-Lists [Mailing List]
-
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
Release v2.7.5 · caddyserver/caddy · GitHub [Release Notes; Third Party Advisory]
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
[SECURITY] Fedora 39 Update: mvfst-2023.10.16.00-1.fc39 - package-announce - Fedora Mailing-Lists
-
http://www.openwall.com/lists/oss-security/2023/10/18/4
oss-security - Vulnerability in Jenkins [Mailing List; Third Party Advisory]