Exploited
7.5
CWE
400
Advisory Published
CVE Published
Advisory Published
Advisory Published
Advisory Published
Updated

CVE-2023-44487: - Rapid Reset HTTP/2 vulnerability

First published: Mon Oct 09 2023(Updated: )

## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
Microsoft Windows 11=22H2
Microsoft Windows Server 2019
Microsoft Windows Server 2019
Microsoft Windows 10=21H2
Microsoft Windows 10=21H2
Microsoft Windows 10=21H2
Microsoft Windows 10=22H2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows 10=22H2
Microsoft Windows 10=22H2
Microsoft Windows 10=1809
debian/netty<=1:4.1.48-7<=1:4.1.48-4
1:4.1.48-8
1:4.1.48-4+deb11u2
1:4.1.48-7+deb12u1
Microsoft ASP.NET Core=7.0
Microsoft ASP.NET Core=6.0
Microsoft Visual Studio 2022=17.6
Microsoft Visual Studio 2022=17.2
Microsoft Visual Studio 2022=17.7
Microsoft Windows Server 2016
Microsoft Windows Server 2016
F5 BIG-IP Next=20.0.1
20.1.0
F5 BIG-IP Next SPK>=1.5.0<=1.8.2
F5 BIG-IP>=17.1.0<=17.1.1
17.1.1.3
F5 BIG-IP>=16.1.0<=16.1.4
16.1.4.3
F5 BIG-IP>=15.1.0<=15.1.10
15.1.10.4
F5 BIG-IP>=14.1.0<=14.1.5
F5 BIG-IP>=13.1.0<=13.1.5
F5 NGINX Plus=25
30
F5 NGINX Open Source>=1.9.5<=1.25.2
F5 NGINX Ingress Controller>=3.0.0<=3.3.0
3.3.1
F5 NGINX Ingress Controller>=2.0.0<=2.4.2
F5 NGINX Ingress Controller=1.12.2
Ietf Http=2.0
Nghttp2 Nghttp2<1.57.0
Netty Netty<4.1.100
Envoyproxy Envoy=1.24.10
Envoyproxy Envoy=1.25.9
Envoyproxy Envoy=1.26.4
Envoyproxy Envoy=1.27.0
Eclipse Jetty<9.4.53
Eclipse Jetty>=10.0.0<10.0.17
Eclipse Jetty>=11.0.0<11.0.17
Eclipse Jetty>=12.0.0<12.0.2
Caddyserver Caddy<2.7.5
Golang Go<1.20.10
Golang Go>=1.21.0<1.21.3
Golang Http2 Go<0.17.0
Golang Networking Go<0.17.0
F5 BIG-IP Access Policy Manager>=13.1.0<=13.1.5
F5 BIG-IP Access Policy Manager>=14.1.0<=14.1.5
F5 BIG-IP Access Policy Manager>=15.1.0<=15.1.10
F5 BIG-IP Access Policy Manager>=16.1.0<=16.1.4
F5 BIG-IP Access Policy Manager=17.1.0
F5 BIG-IP Advanced Firewall Manager>=13.1.0<=13.1.5
F5 BIG-IP Advanced Firewall Manager>=14.1.0<=14.1.5
F5 BIG-IP Advanced Firewall Manager>=15.1.0<=15.1.10
F5 BIG-IP Advanced Firewall Manager>=16.1.0<=16.1.4
F5 BIG-IP Advanced Firewall Manager=17.1.0
F5 Big-ip Advanced Web Application Firewall>=13.1.0<=13.1.5
F5 Big-ip Advanced Web Application Firewall>=14.1.0<=14.1.5
F5 Big-ip Advanced Web Application Firewall>=15.1.0<=15.1.10
F5 Big-ip Advanced Web Application Firewall>=16.1.0<=16.1.4
F5 Big-ip Advanced Web Application Firewall=17.1.0
F5 BIG-IP Analytics>=13.1.0<=13.1.5
F5 BIG-IP Analytics>=14.1.0<=14.1.5
F5 BIG-IP Analytics>=15.1.0<=15.1.10
F5 BIG-IP Analytics>=16.1.0<=16.1.4
F5 BIG-IP Analytics=17.1.0
F5 Big-ip Application Acceleration Manager>=13.1.0<=13.1.5
F5 Big-ip Application Acceleration Manager>=14.1.0<=14.1.5
F5 Big-ip Application Acceleration Manager>=15.1.0<=15.1.10
F5 Big-ip Application Acceleration Manager>=16.1.0<=16.1.4
F5 Big-ip Application Acceleration Manager=17.1.0
F5 BIG-IP Application Security Manager>=13.1.0<=13.1.5
F5 BIG-IP Application Security Manager>=14.1.0<=14.1.5
F5 BIG-IP Application Security Manager>=15.1.0<=15.1.10
F5 BIG-IP Application Security Manager>=16.1.0<=16.1.4
F5 BIG-IP Application Security Manager=17.1.0
F5 Big-ip Application Visibility And Reporting>=13.1.0<=13.1.5
F5 Big-ip Application Visibility And Reporting>=14.1.0<=14.1.5
F5 Big-ip Application Visibility And Reporting>=15.1.0<=15.1.10
F5 Big-ip Application Visibility And Reporting>=16.1.0<=16.1.4
F5 Big-ip Application Visibility And Reporting=17.1.0
F5 Big-ip Carrier-grade Nat>=13.1.0<=13.1.5
F5 Big-ip Carrier-grade Nat>=14.1.0<=14.1.5
F5 Big-ip Carrier-grade Nat>=15.1.0<=15.1.10
F5 Big-ip Carrier-grade Nat>=16.1.0<=16.1.4
F5 Big-ip Carrier-grade Nat=17.1.0
F5 Big-ip Ddos Hybrid Defender>=13.1.0<=13.1.5
F5 Big-ip Ddos Hybrid Defender>=14.1.0<=14.1.5
F5 Big-ip Ddos Hybrid Defender>=15.1.0<=15.1.10
F5 Big-ip Ddos Hybrid Defender>=16.1.0<=16.1.4
F5 Big-ip Ddos Hybrid Defender=17.1.0
F5 Big-ip Domain Name System>=13.1.0<=13.1.5
F5 Big-ip Domain Name System>=14.1.0<=14.1.5
F5 Big-ip Domain Name System>=15.1.0<=15.1.10
F5 Big-ip Domain Name System>=16.1.0<=16.1.4
F5 Big-ip Domain Name System=17.1.0
F5 Big-ip Fraud Protection Service>=13.1.0<=13.1.5
F5 Big-ip Fraud Protection Service>=14.1.0<=14.1.5
F5 Big-ip Fraud Protection Service>=15.1.0<=15.1.10
F5 Big-ip Fraud Protection Service>=16.1.0<=16.1.4
F5 Big-ip Fraud Protection Service=17.1.0
F5 Big-ip Global Traffic Manager>=13.1.0<=13.1.5
F5 Big-ip Global Traffic Manager>=14.1.0<=14.1.5
F5 Big-ip Global Traffic Manager>=15.1.0<=15.1.10
F5 Big-ip Global Traffic Manager>=16.1.0<=16.1.4
F5 Big-ip Global Traffic Manager=17.1.0
F5 Big-ip Link Controller>=13.1.0<=13.1.5
F5 Big-ip Link Controller>=14.1.0<=14.1.5
F5 Big-ip Link Controller>=15.1.0<=15.1.10
F5 Big-ip Link Controller>=16.1.0<=16.1.4
F5 Big-ip Link Controller=17.1.0
F5 Big-ip Local Traffic Manager>=13.1.0<=13.1.5
F5 Big-ip Local Traffic Manager>=14.1.0<=14.1.5
F5 Big-ip Local Traffic Manager>=15.1.0<=15.1.10
F5 Big-ip Local Traffic Manager>=16.1.0<=16.1.4
F5 Big-ip Local Traffic Manager=17.1.0
F5 BIG-IP Next=20.0.1
F5 Big-ip Next Service Proxy For Kubernetes>=1.5.0<=1.8.2
F5 Big-ip Policy Enforcement Manager>=13.1.0<=13.1.5
F5 Big-ip Policy Enforcement Manager>=14.1.0<=14.1.5
F5 Big-ip Policy Enforcement Manager>=15.1.0<=15.1.10
F5 Big-ip Policy Enforcement Manager>=16.1.0<=16.1.4
F5 Big-ip Policy Enforcement Manager=17.1.0
F5 Big-ip Ssl Orchestrator>=13.1.0<=13.1.5
F5 Big-ip Ssl Orchestrator>=14.1.0<=14.1.5
F5 Big-ip Ssl Orchestrator>=15.1.0<=15.1.10
F5 Big-ip Ssl Orchestrator>=16.1.0<=16.1.4
F5 Big-ip Ssl Orchestrator=17.1.0
F5 Big-ip Webaccelerator>=13.1.0<=13.1.5
F5 Big-ip Webaccelerator>=14.1.0<=14.1.5
F5 Big-ip Webaccelerator>=15.1.0<=15.1.10
F5 Big-ip Webaccelerator>=16.1.0<=16.1.4
F5 Big-ip Webaccelerator=17.1.0
F5 Big-ip Websafe>=13.1.0<=13.1.5
F5 Big-ip Websafe>=14.1.0<=14.1.5
F5 Big-ip Websafe>=15.1.0<=15.1.10
F5 Big-ip Websafe>=16.1.0<=16.1.4
F5 Big-ip Websafe=17.1.0
F5 Nginx>=1.9.5<=1.25.2
F5 NGINX Ingress Controller>=2.0.0<=2.4.2
F5 NGINX Ingress Controller>=3.0.0<=3.3.0
F5 NGINX Plus>=r25<r29
F5 NGINX Plus=r29
F5 NGINX Plus=r30
Apache Tomcat>=8.5.0<=8.5.93
Apache Tomcat>=9.0.0<=9.0.80
Apache Tomcat>=10.1.0<=10.1.13
Apache Tomcat=11.0.0-milestone1
Apache Tomcat=11.0.0-milestone10
Apache Tomcat=11.0.0-milestone11
Apache Tomcat=11.0.0-milestone2
Apache Tomcat=11.0.0-milestone3
Apache Tomcat=11.0.0-milestone4
Apache Tomcat=11.0.0-milestone5
Apache Tomcat=11.0.0-milestone6
Apache Tomcat=11.0.0-milestone7
Apache Tomcat=11.0.0-milestone8
Apache Tomcat=11.0.0-milestone9
Apple Swiftnio Http\/2 Swift<1.28.0
Grpc Grpc Go<1.56.3
Grpc Grpc Go>=1.58.0<1.58.3
Grpc Grpc Go=1.57.0
Microsoft .NET>=6.0.0<6.0.23
Microsoft .NET>=7.0.0<7.0.12
Microsoft ASP.NET Core>=6.0.0<6.0.23
Microsoft ASP.NET Core>=7.0.0<7.0.12
Microsoft Azure Kubernetes Service<2023-10-08
Microsoft Visual Studio 2022>=17.0<17.2.20
Microsoft Visual Studio 2022>=17.4<17.4.12
Microsoft Visual Studio 2022>=17.6<17.6.8
Microsoft Visual Studio 2022>=17.7<17.7.5
Microsoft Windows 10 1607<10.0.14393.6351
Microsoft Windows 10 1607<10.0.14393.6351
Microsoft Windows 10 1809<10.0.17763.4974
Microsoft Windows 10 21h2<10.0.19044.3570
Microsoft Windows 10 22h2<10.0.19045.3570
Microsoft Windows 11 21h2<10.0.22000.2538
Microsoft Windows 11 22h2<10.0.22621.2428
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Nodejs Node.js<21.0.0
Microsoft Cbl-mariner<2023-10-11
Dena H2o<2023-10-10
Facebook Proxygen<2023.10.16.00
Apache APISIX<3.6.1
Apache Traffic Server>=8.0.0<8.1.9
Apache Traffic Server>=9.0.0<9.2.3
Amazon Opensearch Data Prepper<2.5.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Kazu-yamamoto Http2<4.2.2
Istio Istio<1.17.6
Istio Istio>=1.18.0<1.18.3
Istio Istio>=1.19.0<1.19.1
Varnish Cache Project Varnish Cache<2023-10-10
Traefik Traefik<2.10.5
Traefik Traefik=3.0.0-beta1
Traefik Traefik=3.0.0-beta2
Traefik Traefik=3.0.0-beta3
Projectcontour Contour Kubernetes<2023-10-11
Linkerd Linkerd>=2.12.0<=2.12.5
Linkerd Linkerd=2.13.0
Linkerd Linkerd=2.13.1
Linkerd Linkerd=2.14.0
Linkerd Linkerd=2.14.1
Linecorp Armeria<1.26.0
Redhat 3scale Api Management Platform=2.0
Redhat Advanced Cluster Management For Kubernetes=2.0
Redhat Advanced Cluster Security=3.0
Redhat Advanced Cluster Security=4.0
Redhat Ansible Automation Platform=2.0
Redhat Build Of Optaplanner=8.0
Redhat Build Of Quarkus
Redhat Ceph Storage=5.0
Redhat Cert-manager Operator For Red Hat Openshift
Redhat Certification For Red Hat Enterprise Linux=8.0
Redhat Certification For Red Hat Enterprise Linux=9.0
Redhat Cost Management
Redhat Cryostat=2.0
Redhat Decision Manager=7.0
Redhat Fence Agents Remediation Operator
Redhat Integration Camel For Spring Boot
Redhat Integration Camel K
Redhat Integration Service Registry
Redhat Jboss A-mq=7
Redhat Jboss A-mq Streams
Redhat Jboss Core Services
Redhat Jboss Data Grid=7.0.0
Redhat Jboss Enterprise Application Platform=6.0.0
Redhat Jboss Enterprise Application Platform=7.0.0
Redhat Jboss Fuse=6.0.0
Redhat Jboss Fuse=7.0.0
Redhat Logging Subsystem For Red Hat Openshift
Redhat Machine Deletion Remediation Operator
Redhat Migration Toolkit For Applications=6.0
Redhat Migration Toolkit For Containers
Redhat Migration Toolkit For Virtualization
Redhat Network Observability Operator
Redhat Node Healthcheck Operator
Redhat Node Maintenance Operator
Redhat Openshift Aws
Redhat Openshift Api For Data Protection
Redhat Openshift Container Platform=4.0
Redhat Openshift Container Platform Assisted Installer
Redhat Openshift Data Science
Redhat Openshift Dev Spaces
Redhat Openshift Developer Tools And Services
Redhat Openshift Distributed Tracing
Redhat Openshift Gitops
Redhat Openshift Pipelines
Redhat Openshift Sandboxed Containers
Redhat Openshift Secondary Scheduler Operator
Redhat Openshift Serverless
Redhat Openshift Service Mesh=2.0
Redhat Openshift Virtualization=4
Redhat Openstack Platform=16.1
Redhat Openstack Platform=16.2
Redhat Openstack Platform=17.1
Redhat Process Automation=7.0
Redhat Quay=3.0.0
Redhat Run Once Duration Override Operator
Redhat Satellite=6.0
Redhat Self Node Remediation Operator
Redhat Service Interconnect=1.0
Redhat Single Sign-on=7.0
Redhat Support For Spring Boot
Redhat Web Terminal
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Service Telemetry Framework=1.5
Redhat Enterprise Linux=8.0
Fedoraproject Fedora=38
Netapp Astra Control Center
Akka Http Server<10.5.3
Konghq Kong Gateway<3.4.2
maven/org.apache.tomcat:tomcat-coyote>=8.5.0<8.5.94
8.5.94
maven/org.apache.tomcat:tomcat-coyote>=9.0.0<9.0.81
9.0.81
maven/org.apache.tomcat:tomcat-coyote>=10.0.0<10.1.14
10.1.14
maven/org.apache.tomcat:tomcat-coyote>=11.0.0-M1<11.0.0-M12
11.0.0-M12
maven/com.typesafe.akka:akka-http-core_2.11<=10.1.15
maven/com.typesafe.akka:akka-http-core_2.12<10.5.3
10.5.3
maven/com.typesafe.akka:akka-http-core_2.13<10.5.3
10.5.3
maven/com.typesafe.akka:akka-http-core<10.5.3
10.5.3
maven/org.eclipse.jetty.http2:jetty-http2-server>=12.0.0<12.0.2
12.0.2
maven/org.eclipse.jetty.http2:jetty-http2-common>=12.0.0<12.0.2
12.0.2
maven/org.eclipse.jetty.http2:http2-server>=11.0.0<11.0.17
11.0.17
maven/org.eclipse.jetty.http2:http2-server>=10.0.0<10.0.17
10.0.17
maven/org.eclipse.jetty.http2:http2-server>=9.3.0<9.4.53
9.4.53
maven/org.eclipse.jetty.http2:http2-common>=11.0.0<11.0.17
11.0.17
maven/org.eclipse.jetty.http2:http2-common>=10.0.0<10.0.17
10.0.17
maven/org.eclipse.jetty.http2:http2-common>=9.3.0<9.4.53
9.4.53
swift/github.com/apple/swift-nio-http2<1.28.0
1.28.0
maven/org.apache.tomcat.embed:tomcat-embed-core>=8.5.0<8.5.94
8.5.94
maven/org.apache.tomcat.embed:tomcat-embed-core>=9.0.0<9.0.81
9.0.81
maven/org.apache.tomcat.embed:tomcat-embed-core>=10.0.0<10.1.14
10.1.14
maven/org.apache.tomcat.embed:tomcat-embed-core>=11.0.0-M1<11.0.0-M12
11.0.0-M12
go/google.golang.org/grpc<1.56.3
1.56.3
go/google.golang.org/grpc>=1.57.0<1.57.1
1.57.1
go/google.golang.org/grpc>=1.58.0<1.58.3
1.58.3
go/golang.org/x/net<0.17.0
0.17.0
IETF HTTP/2
Fortinet FortiOS>=7.4.0<=7.4.1
Fortinet FortiOS>=7.2.0<=7.2.7
Fortinet FortiOS>=7.0.0<=7.0.13
Fortinet FortiProxy>=7.4.0<=7.4.1
Fortinet FortiProxy>=7.2.0<=7.2.7
Fortinet FortiProxy>=7.0
redhat/golang<1.21.3
1.21.3
redhat/golang<1.20.10
1.20.10
redhat/tomcat<11.0.0
11.0.0
redhat/tomcat<10.1.14
10.1.14
redhat/tomcat<9.0.81
9.0.81
redhat/tomcat<8.5.94
8.5.94
redhat/nghttp2<1.57.0
1.57.0
redhat/netty<4.1.100.
4.1.100.
Microsoft .NET 6.0
Microsoft .NET 7.0
IBM Cognos Analytics<=12.0.0-12.0.3
IBM Cognos Analytics<=11.2.0-11.2.4 FP3
Grpc Grpc<=1.59.2
Nodejs Node.js>=18.0.0<18.18.2
Nodejs Node.js>=20.0.0<20.8.1
Linkerd Linkerd Kubernetes>=2.12.0<=2.12.5
Linkerd Linkerd Kubernetes=2.13.0
Linkerd Linkerd Kubernetes=2.13.1
Linkerd Linkerd Kubernetes=2.14.0
Linkerd Linkerd Kubernetes=2.14.1
All of
Redhat Service Telemetry Framework=1.5
Redhat Enterprise Linux=8.0
Fedoraproject Fedora=37
NetApp OnCommand Insight
Jenkins Jenkins<=2.414.2
Jenkins Jenkins<=2.427
Apache Solr<9.4.0
Openresty Openresty<1.21.4.3
Cisco Connected Mobile Experiences<11.1
Cisco Crosswork Data Gateway<4.1.3
Cisco Crosswork Data Gateway=5.0
Cisco Crosswork Zero Touch Provisioning<6.0.0
Cisco Data Center Network Manager
Cisco Enterprise Chat and Email
Cisco Expressway<x14.3.3
Cisco Firepower Threat Defense<7.4.2
Cisco IoT Field Network Director<4.11.0
Cisco Prime Access Registrar<9.3.3
Cisco Prime Cable Provisioning<7.2.1
Cisco Prime Infrastructure<3.10.4
Cisco Prime Network Registrar<11.2
Cisco Secure Dynamic Attributes Connector<2.2.0
Cisco Secure Malware Analytics<2.19.2
Cisco TelePresence Video Communication Server<x14.3.3
Cisco Ultra Cloud Core - Policy Control Function<2024.01.0
Cisco Ultra Cloud Core - Policy Control Function=2024.01.0
Cisco Ultra Cloud Core - Serving Gateway Function<2024.02.0
Cisco Ultra Cloud Core - Session Management Function<2024.02.0
Cisco Unified Attendant Console Advanced
Cisco Unified Contact Center Domain Manager
Cisco Unified Contact Center Enterprise
Cisco Unified Contact Center Enterprise - Live Data Server<12.6.2
Cisco Unified Contact Center Management Portal
Cisco Fog Director<1.22
Cisco IOS XE<17.15.1
Cisco IOS XR<7.11.2
All of
Cisco Secure Web Appliance Firmware<15.1.0
Cisco Secure Web Appliance
All of
Any of
Cisco Nx-os<10.2\(7\)
Cisco Nx-os>=10.3\(1\)<10.3\(5\)
Any of
Cisco Nexus 3016
Cisco Nexus 3016q
Cisco Nexus 3048
Cisco Nexus 3064
Cisco Nexus 3064-32t
Cisco Nexus 3064-t
Cisco Nexus 3064-x
Cisco Nexus 3064t
Cisco Nexus 3064x
Cisco Nexus 3100
Cisco Nexus 3100-v
Cisco Nexus 3100-z
Cisco Nexus 3100v
Cisco Nexus 31108pc-v
Cisco Nexus 31108pv-v
Cisco Nexus 31108tc-v
Cisco Nexus 31128pq
Cisco Nexus 3132c-z
Cisco Nexus 3132q
Cisco Nexus 3132q-v
Cisco Nexus 3132q-x
Cisco Nexus 3132q-x\/3132q-xl
Cisco Nexus 3132q-xl
Cisco Nexus 3164q
Cisco Nexus 3172
Cisco Nexus 3172pq
Cisco Nexus 3172pq-xl
Cisco Nexus 3172pq\/pq-xl
Cisco Nexus 3172tq
Cisco Nexus 3172tq-32t
Cisco Nexus 3172tq-xl
Cisco Nexus 3200
Cisco Nexus 3232
Cisco Nexus 3232c
Cisco Nexus 3232c
Cisco Nexus 3264c-e
Cisco Nexus 3264q
Cisco Nexus 3400
Cisco Nexus 3408-s
Cisco Nexus 34180yc
Cisco Nexus 34200yc-sm
Cisco Nexus 3432d-s
Cisco Nexus 3464c
Cisco Nexus 3500
Cisco Nexus 3524
Cisco Nexus 3524-x
Cisco Nexus 3524-x\/xl
Cisco Nexus 3524-xl
Cisco Nexus 3548
Cisco Nexus 3548-x
Cisco Nexus 3548-x\/xl
Cisco Nexus 3548-xl
Cisco Nexus 3600
Cisco Nexus 36180yc-r
Cisco Nexus 3636c-r
All of
Any of
Cisco Nx-os<10.2\(7\)
Cisco Nx-os>=10.3\(1\)<10.3\(5\)
Any of
Cisco Nexus 9000v
Cisco Nexus 9200
Cisco Nexus 9200yc
Cisco Nexus 92160yc-x
Cisco Nexus 92160yc Switch
Cisco Nexus 9221c
Cisco Nexus 92300yc
Cisco Nexus 92300yc Switch
Cisco Nexus 92304qc
Cisco Nexus 92304qc Switch
Cisco Nexus 9232e
Cisco Nexus 92348gc-x
Cisco Nexus 9236c
Cisco Nexus 9236c Switch
Cisco Nexus 9272q
Cisco Nexus 9272q Switch
Cisco Nexus 9300
Cisco Nexus 93108tc-ex
Cisco Nexus 93108tc-ex-24
Cisco Nexus 93108tc-ex Switch
Cisco Nexus 93108tc-fx
Cisco Nexus 93108tc-fx-24
Cisco Nexus 93108tc-fx3h
Cisco Nexus 93108tc-fx3p
Cisco Nexus 93120tx
Cisco Nexus 93120tx Switch
Cisco Nexus 93128
Cisco Nexus 93128tx
Cisco Nexus 93128tx Switch
Cisco Nexus 9316d-gx
Cisco Nexus 93180lc-ex
Cisco Nexus 93180lc-ex Switch
Cisco Nexus 93180tc-ex
Cisco Nexus 93180yc-ex
Cisco Nexus 93180yc-ex-24
Cisco Nexus 93180yc-ex Switch
Cisco Nexus 93180yc-fx
Cisco Nexus 93180yc-fx-24
Cisco Nexus 93180yc-fx3
Cisco Nexus 93180yc-fx3h
Cisco Nexus 93180yc-fx3s
Cisco Nexus 93216tc-fx2
Cisco Nexus 93240tc-fx2
Cisco Nexus 93240yc-fx2
Cisco Nexus 9332c
Cisco Nexus 9332d-gx2b
Cisco Nexus 9332d-h2r
Cisco Nexus 9332pq
Cisco Nexus 9332pq Switch
Cisco Nexus 93360yc-fx2
Cisco Nexus 9336c-fx2
Cisco Nexus 9336c-fx2-e
Cisco Nexus 9336pq
Cisco Nexus 9336pq Aci
Cisco Nexus 9336pq Aci Spine
Cisco Nexus 9336pq Aci Spine Switch
Cisco Nexus 9348d-gx2a
Cisco Nexus 9348gc-fx3
Cisco Nexus 9348gc-fxp
Cisco Nexus 93600cd-gx
Cisco Nexus 9364c
Cisco Nexus 9364c-gx
Cisco Nexus 9364d-gx2a
Cisco Nexus 9372px
Cisco Nexus 9372px-e
Cisco Nexus 9372px-e Switch
Cisco Nexus 9372px Switch
Cisco Nexus 9372tx
Cisco Nexus 9372tx-e
Cisco Nexus 9372tx-e Switch
Cisco Nexus 9372tx Switch
Cisco Nexus 9396px
Cisco Nexus 9396px Switch
Cisco Nexus 9396tx
Cisco Nexus 9396tx Switch
Cisco Nexus 9408
Cisco Nexus 9432pq
Cisco Nexus 9500
Cisco Nexus 9500 16-slot
Cisco Nexus 9500 4-slot
Cisco Nexus 9500 8-slot
Cisco Nexus 9500 Supervisor A
Cisco Nexus 9500 Supervisor A\+
Cisco Nexus 9500 Supervisor B
Cisco Nexus 9500 Supervisor B\+
Cisco Nexus 9500r
Cisco Nexus 9504
Cisco Nexus 9504 Switch
Cisco Nexus 9508
Cisco Nexus 9508 Switch
Cisco Nexus 9516
Cisco Nexus 9516 Switch
Cisco Nexus 9536pq
Cisco Nexus 9636pq
Cisco Nexus 9716d-gx
Cisco Nexus 9736pq
Cisco Nexus 9800
Cisco Nexus 9804
Cisco Nexus 9808
debian/dnsdist<=1.5.1-3<=1.7.3-2
1.9.6-1
1.9.8-1
debian/grpc<=1.30.2-3<=1.51.1-3<=1.51.1-5
debian/h2o<=2.2.5+dfsg2-6<=2.2.5+dfsg2-7
2.2.5+dfsg2-9
debian/haproxy
2.2.9-2+deb11u6
2.6.12-1+deb12u1
3.0.7-1
debian/jetty9
9.4.50-4+deb11u2
9.4.50-4+deb12u3
9.4.56-1
debian/netty
1:4.1.48-4+deb11u2
1:4.1.48-7+deb12u1
1:4.1.48-10
debian/nghttp2
1.43.0-1+deb11u1
1.43.0-1+deb11u2
1.52.0-1+deb12u2
1.52.0-1+deb12u1
1.64.0-1
debian/nginx<=1.18.0-6.1+deb11u3<=1.22.1-9
1.26.0-3
debian/tomcat10
10.1.6-1+deb12u2
10.1.33-1
10.1.34-1
debian/tomcat9
9.0.43-2~deb11u10
9.0.70-2
9.0.95-1
debian/trafficserver
8.1.10+ds-1~deb11u1
8.1.11+ds-0+deb11u1
9.2.5+ds-0+deb12u1
9.2.5+ds-1
debian/varnish<=6.5.1-1+deb11u3<=7.1.1-1.1
7.6.1-2

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203