First published: Mon Oct 09 2023(Updated: )
## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows 11 | =21H2 | |
Microsoft Windows 11 | =21H2 | |
Microsoft Windows Server 2022 | ||
Microsoft Windows Server 2022 | ||
Microsoft Windows 11 | =22H2 | |
Microsoft Windows 11 | =22H2 | |
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows 10 | =21H2 | |
Microsoft Windows 10 | =21H2 | |
Microsoft Windows 10 | =21H2 | |
Microsoft Windows 10 | =22H2 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows 10 | =22H2 | |
Microsoft Windows 10 | =22H2 | |
Microsoft Windows 10 | =1809 | |
debian/netty | <=1:4.1.48-7<=1:4.1.48-4 | 1:4.1.48-8 1:4.1.48-4+deb11u2 1:4.1.48-7+deb12u1 |
Microsoft ASP.NET Core | =7.0 | |
Microsoft ASP.NET Core | =6.0 | |
Microsoft Visual Studio 2022 | =17.6 | |
Microsoft Visual Studio 2022 | =17.2 | |
Microsoft Visual Studio 2022 | =17.7 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | ||
F5 BIG-IP Next | =20.0.1 | 20.1.0 |
F5 BIG-IP Next SPK | >=1.5.0<=1.8.2 | |
F5 BIG-IP | >=17.1.0<=17.1.1 | 17.1.1.3 |
F5 BIG-IP | >=16.1.0<=16.1.4 | 16.1.4.3 |
F5 BIG-IP | >=15.1.0<=15.1.10 | 15.1.10.4 |
F5 BIG-IP | >=14.1.0<=14.1.5 | |
F5 BIG-IP | >=13.1.0<=13.1.5 | |
F5 NGINX Plus | =25 | 30 |
F5 NGINX Open Source | >=1.9.5<=1.25.2 | |
F5 NGINX Ingress Controller | >=3.0.0<=3.3.0 | 3.3.1 |
F5 NGINX Ingress Controller | >=2.0.0<=2.4.2 | |
F5 NGINX Ingress Controller | =1.12.2 | |
Ietf Http | =2.0 | |
Nghttp2 Nghttp2 | <1.57.0 | |
Netty Netty | <4.1.100 | |
Envoyproxy Envoy | =1.24.10 | |
Envoyproxy Envoy | =1.25.9 | |
Envoyproxy Envoy | =1.26.4 | |
Envoyproxy Envoy | =1.27.0 | |
Eclipse Jetty | <9.4.53 | |
Eclipse Jetty | >=10.0.0<10.0.17 | |
Eclipse Jetty | >=11.0.0<11.0.17 | |
Eclipse Jetty | >=12.0.0<12.0.2 | |
Caddyserver Caddy | <2.7.5 | |
Golang Go | <1.20.10 | |
Golang Go | >=1.21.0<1.21.3 | |
Golang Http2 Go | <0.17.0 | |
Golang Networking Go | <0.17.0 | |
F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.5 | |
F5 BIG-IP Access Policy Manager | >=14.1.0<=14.1.5 | |
F5 BIG-IP Access Policy Manager | >=15.1.0<=15.1.10 | |
F5 BIG-IP Access Policy Manager | >=16.1.0<=16.1.4 | |
F5 BIG-IP Access Policy Manager | =17.1.0 | |
F5 BIG-IP Advanced Firewall Manager | >=13.1.0<=13.1.5 | |
F5 BIG-IP Advanced Firewall Manager | >=14.1.0<=14.1.5 | |
F5 BIG-IP Advanced Firewall Manager | >=15.1.0<=15.1.10 | |
F5 BIG-IP Advanced Firewall Manager | >=16.1.0<=16.1.4 | |
F5 BIG-IP Advanced Firewall Manager | =17.1.0 | |
F5 Big-ip Advanced Web Application Firewall | >=13.1.0<=13.1.5 | |
F5 Big-ip Advanced Web Application Firewall | >=14.1.0<=14.1.5 | |
F5 Big-ip Advanced Web Application Firewall | >=15.1.0<=15.1.10 | |
F5 Big-ip Advanced Web Application Firewall | >=16.1.0<=16.1.4 | |
F5 Big-ip Advanced Web Application Firewall | =17.1.0 | |
F5 BIG-IP Analytics | >=13.1.0<=13.1.5 | |
F5 BIG-IP Analytics | >=14.1.0<=14.1.5 | |
F5 BIG-IP Analytics | >=15.1.0<=15.1.10 | |
F5 BIG-IP Analytics | >=16.1.0<=16.1.4 | |
F5 BIG-IP Analytics | =17.1.0 | |
F5 Big-ip Application Acceleration Manager | >=13.1.0<=13.1.5 | |
F5 Big-ip Application Acceleration Manager | >=14.1.0<=14.1.5 | |
F5 Big-ip Application Acceleration Manager | >=15.1.0<=15.1.10 | |
F5 Big-ip Application Acceleration Manager | >=16.1.0<=16.1.4 | |
F5 Big-ip Application Acceleration Manager | =17.1.0 | |
F5 BIG-IP Application Security Manager | >=13.1.0<=13.1.5 | |
F5 BIG-IP Application Security Manager | >=14.1.0<=14.1.5 | |
F5 BIG-IP Application Security Manager | >=15.1.0<=15.1.10 | |
F5 BIG-IP Application Security Manager | >=16.1.0<=16.1.4 | |
F5 BIG-IP Application Security Manager | =17.1.0 | |
F5 Big-ip Application Visibility And Reporting | >=13.1.0<=13.1.5 | |
F5 Big-ip Application Visibility And Reporting | >=14.1.0<=14.1.5 | |
F5 Big-ip Application Visibility And Reporting | >=15.1.0<=15.1.10 | |
F5 Big-ip Application Visibility And Reporting | >=16.1.0<=16.1.4 | |
F5 Big-ip Application Visibility And Reporting | =17.1.0 | |
F5 Big-ip Carrier-grade Nat | >=13.1.0<=13.1.5 | |
F5 Big-ip Carrier-grade Nat | >=14.1.0<=14.1.5 | |
F5 Big-ip Carrier-grade Nat | >=15.1.0<=15.1.10 | |
F5 Big-ip Carrier-grade Nat | >=16.1.0<=16.1.4 | |
F5 Big-ip Carrier-grade Nat | =17.1.0 | |
F5 Big-ip Ddos Hybrid Defender | >=13.1.0<=13.1.5 | |
F5 Big-ip Ddos Hybrid Defender | >=14.1.0<=14.1.5 | |
F5 Big-ip Ddos Hybrid Defender | >=15.1.0<=15.1.10 | |
F5 Big-ip Ddos Hybrid Defender | >=16.1.0<=16.1.4 | |
F5 Big-ip Ddos Hybrid Defender | =17.1.0 | |
F5 Big-ip Domain Name System | >=13.1.0<=13.1.5 | |
F5 Big-ip Domain Name System | >=14.1.0<=14.1.5 | |
F5 Big-ip Domain Name System | >=15.1.0<=15.1.10 | |
F5 Big-ip Domain Name System | >=16.1.0<=16.1.4 | |
F5 Big-ip Domain Name System | =17.1.0 | |
F5 Big-ip Fraud Protection Service | >=13.1.0<=13.1.5 | |
F5 Big-ip Fraud Protection Service | >=14.1.0<=14.1.5 | |
F5 Big-ip Fraud Protection Service | >=15.1.0<=15.1.10 | |
F5 Big-ip Fraud Protection Service | >=16.1.0<=16.1.4 | |
F5 Big-ip Fraud Protection Service | =17.1.0 | |
F5 Big-ip Global Traffic Manager | >=13.1.0<=13.1.5 | |
F5 Big-ip Global Traffic Manager | >=14.1.0<=14.1.5 | |
F5 Big-ip Global Traffic Manager | >=15.1.0<=15.1.10 | |
F5 Big-ip Global Traffic Manager | >=16.1.0<=16.1.4 | |
F5 Big-ip Global Traffic Manager | =17.1.0 | |
F5 Big-ip Link Controller | >=13.1.0<=13.1.5 | |
F5 Big-ip Link Controller | >=14.1.0<=14.1.5 | |
F5 Big-ip Link Controller | >=15.1.0<=15.1.10 | |
F5 Big-ip Link Controller | >=16.1.0<=16.1.4 | |
F5 Big-ip Link Controller | =17.1.0 | |
F5 Big-ip Local Traffic Manager | >=13.1.0<=13.1.5 | |
F5 Big-ip Local Traffic Manager | >=14.1.0<=14.1.5 | |
F5 Big-ip Local Traffic Manager | >=15.1.0<=15.1.10 | |
F5 Big-ip Local Traffic Manager | >=16.1.0<=16.1.4 | |
F5 Big-ip Local Traffic Manager | =17.1.0 | |
F5 BIG-IP Next | =20.0.1 | |
F5 Big-ip Next Service Proxy For Kubernetes | >=1.5.0<=1.8.2 | |
F5 Big-ip Policy Enforcement Manager | >=13.1.0<=13.1.5 | |
F5 Big-ip Policy Enforcement Manager | >=14.1.0<=14.1.5 | |
F5 Big-ip Policy Enforcement Manager | >=15.1.0<=15.1.10 | |
F5 Big-ip Policy Enforcement Manager | >=16.1.0<=16.1.4 | |
F5 Big-ip Policy Enforcement Manager | =17.1.0 | |
F5 Big-ip Ssl Orchestrator | >=13.1.0<=13.1.5 | |
F5 Big-ip Ssl Orchestrator | >=14.1.0<=14.1.5 | |
F5 Big-ip Ssl Orchestrator | >=15.1.0<=15.1.10 | |
F5 Big-ip Ssl Orchestrator | >=16.1.0<=16.1.4 | |
F5 Big-ip Ssl Orchestrator | =17.1.0 | |
F5 Big-ip Webaccelerator | >=13.1.0<=13.1.5 | |
F5 Big-ip Webaccelerator | >=14.1.0<=14.1.5 | |
F5 Big-ip Webaccelerator | >=15.1.0<=15.1.10 | |
F5 Big-ip Webaccelerator | >=16.1.0<=16.1.4 | |
F5 Big-ip Webaccelerator | =17.1.0 | |
F5 Big-ip Websafe | >=13.1.0<=13.1.5 | |
F5 Big-ip Websafe | >=14.1.0<=14.1.5 | |
F5 Big-ip Websafe | >=15.1.0<=15.1.10 | |
F5 Big-ip Websafe | >=16.1.0<=16.1.4 | |
F5 Big-ip Websafe | =17.1.0 | |
F5 Nginx | >=1.9.5<=1.25.2 | |
F5 NGINX Ingress Controller | >=2.0.0<=2.4.2 | |
F5 NGINX Ingress Controller | >=3.0.0<=3.3.0 | |
F5 NGINX Plus | >=r25<r29 | |
F5 NGINX Plus | =r29 | |
F5 NGINX Plus | =r30 | |
Apache Tomcat | >=8.5.0<=8.5.93 | |
Apache Tomcat | >=9.0.0<=9.0.80 | |
Apache Tomcat | >=10.1.0<=10.1.13 | |
Apache Tomcat | =11.0.0-milestone1 | |
Apache Tomcat | =11.0.0-milestone10 | |
Apache Tomcat | =11.0.0-milestone11 | |
Apache Tomcat | =11.0.0-milestone2 | |
Apache Tomcat | =11.0.0-milestone3 | |
Apache Tomcat | =11.0.0-milestone4 | |
Apache Tomcat | =11.0.0-milestone5 | |
Apache Tomcat | =11.0.0-milestone6 | |
Apache Tomcat | =11.0.0-milestone7 | |
Apache Tomcat | =11.0.0-milestone8 | |
Apache Tomcat | =11.0.0-milestone9 | |
Apple Swiftnio Http\/2 Swift | <1.28.0 | |
Grpc Grpc Go | <1.56.3 | |
Grpc Grpc Go | >=1.58.0<1.58.3 | |
Grpc Grpc Go | =1.57.0 | |
Microsoft .NET | >=6.0.0<6.0.23 | |
Microsoft .NET | >=7.0.0<7.0.12 | |
Microsoft ASP.NET Core | >=6.0.0<6.0.23 | |
Microsoft ASP.NET Core | >=7.0.0<7.0.12 | |
Microsoft Azure Kubernetes Service | <2023-10-08 | |
Microsoft Visual Studio 2022 | >=17.0<17.2.20 | |
Microsoft Visual Studio 2022 | >=17.4<17.4.12 | |
Microsoft Visual Studio 2022 | >=17.6<17.6.8 | |
Microsoft Visual Studio 2022 | >=17.7<17.7.5 | |
Microsoft Windows 10 1607 | <10.0.14393.6351 | |
Microsoft Windows 10 1607 | <10.0.14393.6351 | |
Microsoft Windows 10 1809 | <10.0.17763.4974 | |
Microsoft Windows 10 21h2 | <10.0.19044.3570 | |
Microsoft Windows 10 22h2 | <10.0.19045.3570 | |
Microsoft Windows 11 21h2 | <10.0.22000.2538 | |
Microsoft Windows 11 22h2 | <10.0.22621.2428 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2022 | ||
Nodejs Node.js | <21.0.0 | |
Microsoft Cbl-mariner | <2023-10-11 | |
Dena H2o | <2023-10-10 | |
Facebook Proxygen | <2023.10.16.00 | |
Apache APISIX | <3.6.1 | |
Apache Traffic Server | >=8.0.0<8.1.9 | |
Apache Traffic Server | >=9.0.0<9.2.3 | |
Amazon Opensearch Data Prepper | <2.5.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
Kazu-yamamoto Http2 | <4.2.2 | |
Istio Istio | <1.17.6 | |
Istio Istio | >=1.18.0<1.18.3 | |
Istio Istio | >=1.19.0<1.19.1 | |
Varnish Cache Project Varnish Cache | <2023-10-10 | |
Traefik Traefik | <2.10.5 | |
Traefik Traefik | =3.0.0-beta1 | |
Traefik Traefik | =3.0.0-beta2 | |
Traefik Traefik | =3.0.0-beta3 | |
Projectcontour Contour Kubernetes | <2023-10-11 | |
Linkerd Linkerd | >=2.12.0<=2.12.5 | |
Linkerd Linkerd | =2.13.0 | |
Linkerd Linkerd | =2.13.1 | |
Linkerd Linkerd | =2.14.0 | |
Linkerd Linkerd | =2.14.1 | |
Linecorp Armeria | <1.26.0 | |
Redhat 3scale Api Management Platform | =2.0 | |
Redhat Advanced Cluster Management For Kubernetes | =2.0 | |
Redhat Advanced Cluster Security | =3.0 | |
Redhat Advanced Cluster Security | =4.0 | |
Redhat Ansible Automation Platform | =2.0 | |
Redhat Build Of Optaplanner | =8.0 | |
Redhat Build Of Quarkus | ||
Redhat Ceph Storage | =5.0 | |
Redhat Cert-manager Operator For Red Hat Openshift | ||
Redhat Certification For Red Hat Enterprise Linux | =8.0 | |
Redhat Certification For Red Hat Enterprise Linux | =9.0 | |
Redhat Cost Management | ||
Redhat Cryostat | =2.0 | |
Redhat Decision Manager | =7.0 | |
Redhat Fence Agents Remediation Operator | ||
Redhat Integration Camel For Spring Boot | ||
Redhat Integration Camel K | ||
Redhat Integration Service Registry | ||
Redhat Jboss A-mq | =7 | |
Redhat Jboss A-mq Streams | ||
Redhat Jboss Core Services | ||
Redhat Jboss Data Grid | =7.0.0 | |
Redhat Jboss Enterprise Application Platform | =6.0.0 | |
Redhat Jboss Enterprise Application Platform | =7.0.0 | |
Redhat Jboss Fuse | =6.0.0 | |
Redhat Jboss Fuse | =7.0.0 | |
Redhat Logging Subsystem For Red Hat Openshift | ||
Redhat Machine Deletion Remediation Operator | ||
Redhat Migration Toolkit For Applications | =6.0 | |
Redhat Migration Toolkit For Containers | ||
Redhat Migration Toolkit For Virtualization | ||
Redhat Network Observability Operator | ||
Redhat Node Healthcheck Operator | ||
Redhat Node Maintenance Operator | ||
Redhat Openshift Aws | ||
Redhat Openshift Api For Data Protection | ||
Redhat Openshift Container Platform | =4.0 | |
Redhat Openshift Container Platform Assisted Installer | ||
Redhat Openshift Data Science | ||
Redhat Openshift Dev Spaces | ||
Redhat Openshift Developer Tools And Services | ||
Redhat Openshift Distributed Tracing | ||
Redhat Openshift Gitops | ||
Redhat Openshift Pipelines | ||
Redhat Openshift Sandboxed Containers | ||
Redhat Openshift Secondary Scheduler Operator | ||
Redhat Openshift Serverless | ||
Redhat Openshift Service Mesh | =2.0 | |
Redhat Openshift Virtualization | =4 | |
Redhat Openstack Platform | =16.1 | |
Redhat Openstack Platform | =16.2 | |
Redhat Openstack Platform | =17.1 | |
Redhat Process Automation | =7.0 | |
Redhat Quay | =3.0.0 | |
Redhat Run Once Duration Override Operator | ||
Redhat Satellite | =6.0 | |
Redhat Self Node Remediation Operator | ||
Redhat Service Interconnect | =1.0 | |
Redhat Single Sign-on | =7.0 | |
Redhat Support For Spring Boot | ||
Redhat Web Terminal | ||
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Redhat Service Telemetry Framework | =1.5 | |
Redhat Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =38 | |
Netapp Astra Control Center | ||
Akka Http Server | <10.5.3 | |
Konghq Kong Gateway | <3.4.2 | |
maven/org.apache.tomcat:tomcat-coyote | >=8.5.0<8.5.94 | 8.5.94 |
maven/org.apache.tomcat:tomcat-coyote | >=9.0.0<9.0.81 | 9.0.81 |
maven/org.apache.tomcat:tomcat-coyote | >=10.0.0<10.1.14 | 10.1.14 |
maven/org.apache.tomcat:tomcat-coyote | >=11.0.0-M1<11.0.0-M12 | 11.0.0-M12 |
maven/com.typesafe.akka:akka-http-core_2.11 | <=10.1.15 | |
maven/com.typesafe.akka:akka-http-core_2.12 | <10.5.3 | 10.5.3 |
maven/com.typesafe.akka:akka-http-core_2.13 | <10.5.3 | 10.5.3 |
maven/com.typesafe.akka:akka-http-core | <10.5.3 | 10.5.3 |
maven/org.eclipse.jetty.http2:jetty-http2-server | >=12.0.0<12.0.2 | 12.0.2 |
maven/org.eclipse.jetty.http2:jetty-http2-common | >=12.0.0<12.0.2 | 12.0.2 |
maven/org.eclipse.jetty.http2:http2-server | >=11.0.0<11.0.17 | 11.0.17 |
maven/org.eclipse.jetty.http2:http2-server | >=10.0.0<10.0.17 | 10.0.17 |
maven/org.eclipse.jetty.http2:http2-server | >=9.3.0<9.4.53 | 9.4.53 |
maven/org.eclipse.jetty.http2:http2-common | >=11.0.0<11.0.17 | 11.0.17 |
maven/org.eclipse.jetty.http2:http2-common | >=10.0.0<10.0.17 | 10.0.17 |
maven/org.eclipse.jetty.http2:http2-common | >=9.3.0<9.4.53 | 9.4.53 |
swift/github.com/apple/swift-nio-http2 | <1.28.0 | 1.28.0 |
maven/org.apache.tomcat.embed:tomcat-embed-core | >=8.5.0<8.5.94 | 8.5.94 |
maven/org.apache.tomcat.embed:tomcat-embed-core | >=9.0.0<9.0.81 | 9.0.81 |
maven/org.apache.tomcat.embed:tomcat-embed-core | >=10.0.0<10.1.14 | 10.1.14 |
maven/org.apache.tomcat.embed:tomcat-embed-core | >=11.0.0-M1<11.0.0-M12 | 11.0.0-M12 |
go/google.golang.org/grpc | <1.56.3 | 1.56.3 |
go/google.golang.org/grpc | >=1.57.0<1.57.1 | 1.57.1 |
go/google.golang.org/grpc | >=1.58.0<1.58.3 | 1.58.3 |
go/golang.org/x/net | <0.17.0 | 0.17.0 |
IETF HTTP/2 | ||
Fortinet FortiOS | >=7.4.0<=7.4.1 | |
Fortinet FortiOS | >=7.2.0<=7.2.7 | |
Fortinet FortiOS | >=7.0.0<=7.0.13 | |
Fortinet FortiProxy | >=7.4.0<=7.4.1 | |
Fortinet FortiProxy | >=7.2.0<=7.2.7 | |
Fortinet FortiProxy | >=7.0 | |
redhat/golang | <1.21.3 | 1.21.3 |
redhat/golang | <1.20.10 | 1.20.10 |
redhat/tomcat | <11.0.0 | 11.0.0 |
redhat/tomcat | <10.1.14 | 10.1.14 |
redhat/tomcat | <9.0.81 | 9.0.81 |
redhat/tomcat | <8.5.94 | 8.5.94 |
redhat/nghttp2 | <1.57.0 | 1.57.0 |
redhat/netty | <4.1.100. | 4.1.100. |
Microsoft .NET 6.0 | ||
Microsoft .NET 7.0 | ||
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP3 | |
Grpc Grpc | <=1.59.2 | |
Nodejs Node.js | >=18.0.0<18.18.2 | |
Nodejs Node.js | >=20.0.0<20.8.1 | |
Linkerd Linkerd Kubernetes | >=2.12.0<=2.12.5 | |
Linkerd Linkerd Kubernetes | =2.13.0 | |
Linkerd Linkerd Kubernetes | =2.13.1 | |
Linkerd Linkerd Kubernetes | =2.14.0 | |
Linkerd Linkerd Kubernetes | =2.14.1 | |
All of | ||
Redhat Service Telemetry Framework | =1.5 | |
Redhat Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =37 | |
NetApp OnCommand Insight | ||
Jenkins Jenkins | <=2.414.2 | |
Jenkins Jenkins | <=2.427 | |
Apache Solr | <9.4.0 | |
Openresty Openresty | <1.21.4.3 | |
Cisco Connected Mobile Experiences | <11.1 | |
Cisco Crosswork Data Gateway | <4.1.3 | |
Cisco Crosswork Data Gateway | =5.0 | |
Cisco Crosswork Zero Touch Provisioning | <6.0.0 | |
Cisco Data Center Network Manager | ||
Cisco Enterprise Chat and Email | ||
Cisco Expressway | <x14.3.3 | |
Cisco Firepower Threat Defense | <7.4.2 | |
Cisco IoT Field Network Director | <4.11.0 | |
Cisco Prime Access Registrar | <9.3.3 | |
Cisco Prime Cable Provisioning | <7.2.1 | |
Cisco Prime Infrastructure | <3.10.4 | |
Cisco Prime Network Registrar | <11.2 | |
Cisco Secure Dynamic Attributes Connector | <2.2.0 | |
Cisco Secure Malware Analytics | <2.19.2 | |
Cisco TelePresence Video Communication Server | <x14.3.3 | |
Cisco Ultra Cloud Core - Policy Control Function | <2024.01.0 | |
Cisco Ultra Cloud Core - Policy Control Function | =2024.01.0 | |
Cisco Ultra Cloud Core - Serving Gateway Function | <2024.02.0 | |
Cisco Ultra Cloud Core - Session Management Function | <2024.02.0 | |
Cisco Unified Attendant Console Advanced | ||
Cisco Unified Contact Center Domain Manager | ||
Cisco Unified Contact Center Enterprise | ||
Cisco Unified Contact Center Enterprise - Live Data Server | <12.6.2 | |
Cisco Unified Contact Center Management Portal | ||
Cisco Fog Director | <1.22 | |
Cisco IOS XE | <17.15.1 | |
Cisco IOS XR | <7.11.2 | |
All of | ||
Cisco Secure Web Appliance Firmware | <15.1.0 | |
Cisco Secure Web Appliance | ||
All of | ||
Any of | ||
Cisco Nx-os | <10.2\(7\) | |
Cisco Nx-os | >=10.3\(1\)<10.3\(5\) | |
Any of | ||
Cisco Nexus 3016 | ||
Cisco Nexus 3016q | ||
Cisco Nexus 3048 | ||
Cisco Nexus 3064 | ||
Cisco Nexus 3064-32t | ||
Cisco Nexus 3064-t | ||
Cisco Nexus 3064-x | ||
Cisco Nexus 3064t | ||
Cisco Nexus 3064x | ||
Cisco Nexus 3100 | ||
Cisco Nexus 3100-v | ||
Cisco Nexus 3100-z | ||
Cisco Nexus 3100v | ||
Cisco Nexus 31108pc-v | ||
Cisco Nexus 31108pv-v | ||
Cisco Nexus 31108tc-v | ||
Cisco Nexus 31128pq | ||
Cisco Nexus 3132c-z | ||
Cisco Nexus 3132q | ||
Cisco Nexus 3132q-v | ||
Cisco Nexus 3132q-x | ||
Cisco Nexus 3132q-x\/3132q-xl | ||
Cisco Nexus 3132q-xl | ||
Cisco Nexus 3164q | ||
Cisco Nexus 3172 | ||
Cisco Nexus 3172pq | ||
Cisco Nexus 3172pq-xl | ||
Cisco Nexus 3172pq\/pq-xl | ||
Cisco Nexus 3172tq | ||
Cisco Nexus 3172tq-32t | ||
Cisco Nexus 3172tq-xl | ||
Cisco Nexus 3200 | ||
Cisco Nexus 3232 | ||
Cisco Nexus 3232c | ||
Cisco Nexus 3232c | ||
Cisco Nexus 3264c-e | ||
Cisco Nexus 3264q | ||
Cisco Nexus 3400 | ||
Cisco Nexus 3408-s | ||
Cisco Nexus 34180yc | ||
Cisco Nexus 34200yc-sm | ||
Cisco Nexus 3432d-s | ||
Cisco Nexus 3464c | ||
Cisco Nexus 3500 | ||
Cisco Nexus 3524 | ||
Cisco Nexus 3524-x | ||
Cisco Nexus 3524-x\/xl | ||
Cisco Nexus 3524-xl | ||
Cisco Nexus 3548 | ||
Cisco Nexus 3548-x | ||
Cisco Nexus 3548-x\/xl | ||
Cisco Nexus 3548-xl | ||
Cisco Nexus 3600 | ||
Cisco Nexus 36180yc-r | ||
Cisco Nexus 3636c-r | ||
All of | ||
Any of | ||
Cisco Nx-os | <10.2\(7\) | |
Cisco Nx-os | >=10.3\(1\)<10.3\(5\) | |
Any of | ||
Cisco Nexus 9000v | ||
Cisco Nexus 9200 | ||
Cisco Nexus 9200yc | ||
Cisco Nexus 92160yc-x | ||
Cisco Nexus 92160yc Switch | ||
Cisco Nexus 9221c | ||
Cisco Nexus 92300yc | ||
Cisco Nexus 92300yc Switch | ||
Cisco Nexus 92304qc | ||
Cisco Nexus 92304qc Switch | ||
Cisco Nexus 9232e | ||
Cisco Nexus 92348gc-x | ||
Cisco Nexus 9236c | ||
Cisco Nexus 9236c Switch | ||
Cisco Nexus 9272q | ||
Cisco Nexus 9272q Switch | ||
Cisco Nexus 9300 | ||
Cisco Nexus 93108tc-ex | ||
Cisco Nexus 93108tc-ex-24 | ||
Cisco Nexus 93108tc-ex Switch | ||
Cisco Nexus 93108tc-fx | ||
Cisco Nexus 93108tc-fx-24 | ||
Cisco Nexus 93108tc-fx3h | ||
Cisco Nexus 93108tc-fx3p | ||
Cisco Nexus 93120tx | ||
Cisco Nexus 93120tx Switch | ||
Cisco Nexus 93128 | ||
Cisco Nexus 93128tx | ||
Cisco Nexus 93128tx Switch | ||
Cisco Nexus 9316d-gx | ||
Cisco Nexus 93180lc-ex | ||
Cisco Nexus 93180lc-ex Switch | ||
Cisco Nexus 93180tc-ex | ||
Cisco Nexus 93180yc-ex | ||
Cisco Nexus 93180yc-ex-24 | ||
Cisco Nexus 93180yc-ex Switch | ||
Cisco Nexus 93180yc-fx | ||
Cisco Nexus 93180yc-fx-24 | ||
Cisco Nexus 93180yc-fx3 | ||
Cisco Nexus 93180yc-fx3h | ||
Cisco Nexus 93180yc-fx3s | ||
Cisco Nexus 93216tc-fx2 | ||
Cisco Nexus 93240tc-fx2 | ||
Cisco Nexus 93240yc-fx2 | ||
Cisco Nexus 9332c | ||
Cisco Nexus 9332d-gx2b | ||
Cisco Nexus 9332d-h2r | ||
Cisco Nexus 9332pq | ||
Cisco Nexus 9332pq Switch | ||
Cisco Nexus 93360yc-fx2 | ||
Cisco Nexus 9336c-fx2 | ||
Cisco Nexus 9336c-fx2-e | ||
Cisco Nexus 9336pq | ||
Cisco Nexus 9336pq Aci | ||
Cisco Nexus 9336pq Aci Spine | ||
Cisco Nexus 9336pq Aci Spine Switch | ||
Cisco Nexus 9348d-gx2a | ||
Cisco Nexus 9348gc-fx3 | ||
Cisco Nexus 9348gc-fxp | ||
Cisco Nexus 93600cd-gx | ||
Cisco Nexus 9364c | ||
Cisco Nexus 9364c-gx | ||
Cisco Nexus 9364d-gx2a | ||
Cisco Nexus 9372px | ||
Cisco Nexus 9372px-e | ||
Cisco Nexus 9372px-e Switch | ||
Cisco Nexus 9372px Switch | ||
Cisco Nexus 9372tx | ||
Cisco Nexus 9372tx-e | ||
Cisco Nexus 9372tx-e Switch | ||
Cisco Nexus 9372tx Switch | ||
Cisco Nexus 9396px | ||
Cisco Nexus 9396px Switch | ||
Cisco Nexus 9396tx | ||
Cisco Nexus 9396tx Switch | ||
Cisco Nexus 9408 | ||
Cisco Nexus 9432pq | ||
Cisco Nexus 9500 | ||
Cisco Nexus 9500 16-slot | ||
Cisco Nexus 9500 4-slot | ||
Cisco Nexus 9500 8-slot | ||
Cisco Nexus 9500 Supervisor A | ||
Cisco Nexus 9500 Supervisor A\+ | ||
Cisco Nexus 9500 Supervisor B | ||
Cisco Nexus 9500 Supervisor B\+ | ||
Cisco Nexus 9500r | ||
Cisco Nexus 9504 | ||
Cisco Nexus 9504 Switch | ||
Cisco Nexus 9508 | ||
Cisco Nexus 9508 Switch | ||
Cisco Nexus 9516 | ||
Cisco Nexus 9516 Switch | ||
Cisco Nexus 9536pq | ||
Cisco Nexus 9636pq | ||
Cisco Nexus 9716d-gx | ||
Cisco Nexus 9736pq | ||
Cisco Nexus 9800 | ||
Cisco Nexus 9804 | ||
Cisco Nexus 9808 | ||
debian/dnsdist | <=1.5.1-3<=1.7.3-2 | 1.9.6-1 1.9.8-1 |
debian/grpc | <=1.30.2-3<=1.51.1-3<=1.51.1-5 | |
debian/h2o | <=2.2.5+dfsg2-6<=2.2.5+dfsg2-7 | 2.2.5+dfsg2-9 |
debian/haproxy | 2.2.9-2+deb11u6 2.6.12-1+deb12u1 3.0.7-1 | |
debian/jetty9 | 9.4.50-4+deb11u2 9.4.50-4+deb12u3 9.4.56-1 | |
debian/netty | 1:4.1.48-4+deb11u2 1:4.1.48-7+deb12u1 1:4.1.48-10 | |
debian/nghttp2 | 1.43.0-1+deb11u1 1.43.0-1+deb11u2 1.52.0-1+deb12u2 1.52.0-1+deb12u1 1.64.0-1 | |
debian/nginx | <=1.18.0-6.1+deb11u3<=1.22.1-9 | 1.26.0-3 |
debian/tomcat10 | 10.1.6-1+deb12u2 10.1.33-1 10.1.34-1 | |
debian/tomcat9 | 9.0.43-2~deb11u10 9.0.70-2 9.0.95-1 | |
debian/trafficserver | 8.1.10+ds-1~deb11u1 8.1.11+ds-0+deb11u1 9.2.5+ds-0+deb12u1 9.2.5+ds-1 | |
debian/varnish | <=6.5.1-1+deb11u3<=7.1.1-1.1 | 7.6.1-2 |
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.