- Vulnerability/
- https://seclists.org/oss-sec/2023/q4/75
10/10/2023
10/10/2023
https://seclists.org/oss-sec/2023/q4/75: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations
First published: Tue Oct 10 2023(Updated: )
Credit: Alan Coopersmith
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache HTTP Server | ||
| Caddy | ||
| Envoy Proxy | ||
| Go (Golang) language by Google | ||
| Hastymail | ||
| HAProxy | ||
| Mortbay Jetty | >=9.4.53.v20231009<=12.0.2 | |
| NettyRPC | ||
| CentOS Libnghttp2 | ||
| Nginx | ||
| Node.js | ||
| Proxygen | ||
| Apple SwiftNIO HTTP/2 | ||
| Tomcat | >=8.5.94<11.0.0-M12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/oss-sec
- alias/CVE-2023-44487
- agent/type
- agent/severity
- agent/last-modified-date
- collector/oss-sec-post
- source/oss-sec
- anchor-related/CVE-2023-44487
- anchor-related/GHSA-2M7V-GC89-FJQF
- agent/references
- agent/author
- agent/body
- agent/title
- agent/first-publish-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache http server
- vendor/caddy
- canonical/caddy
- vendor/envoy
- canonical/envoy proxy
- vendor/go
- canonical/go (golang) language by google
- vendor/h2o
- canonical/hastymail
- vendor/haproxy
- canonical/haproxy
- vendor/jetty
- canonical/mortbay jetty
- vendor/netty
- canonical/nettyrpc
- vendor/nghttp2
- canonical/centos libnghttp2
- vendor/nginx
- canonical/nginx
- vendor/node.js
- canonical/node.js
- vendor/facebook
- canonical/proxygen
- vendor/swift
- canonical/apple swiftnio http/2
- canonical/tomcat