ID

VAR-202310-0175


CVE

CVE-2023-44487


TITLE

Internet Technology Task Force  (IETF)  of  http  Vulnerability related to resource exhaustion in products from multiple vendors such as

Trust: 0.8

sources: JVNDB: JVNDB-2023-015462

DESCRIPTION

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Internet Technology Task Force (IETF) of http vulnerabilities related to resource exhaustion exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. Description: nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.5 serves as a replacement for Red Hat JBoss Web Server 5.7.4. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024 nghttp2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in nghttp2. Software Description: - nghttp2: HTTP/2 C Library and tools Details: It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513) It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487) It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2 Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2 Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3 Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2 In general, a standard system update will make all the necessary changes. The following data is constructed from data provided by Red Hat's json file at: https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6048.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. - Packet Storm Staff ==================================================================== Red Hat Security Advisory Synopsis: Important: ACS 4.2 enhancement and security update Advisory ID: RHSA-2023:6048-01 Product: Red Hat Advanced Cluster Security for Kubernetes Advisory URL: https://access.redhat.com/errata/RHSA-2023:6048 Issue date: 2023-10-23 Revision: 01 CVE Names: CVE-2023-39325 ==================================================================== Summary: Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: This release of RHACS 4.2.2 includes fixes for the following security vulnerabilities: Security Fix(es): * golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. It contains the following bug fixes and changes: * Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a `PRE_FLIGHT_CHECKS_FAILED` error. This issue has been fixed. (ROX-19955) * RHACS 4.2.2 includes a new default policy called \"Rapid Reset: Denial of Service Vulnerability in HTTP/2 Protocol\". This policy alerts on deployments with images containing components that are susceptible to a Denial of Service (DoS) vulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325. This policy applies to the build or deploy life cycle stage. Solution: CVEs: CVE-2023-39325 References: https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 . Description: Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up

Trust: 2.34

sources: NVD: CVE-2023-44487 // JVNDB: JVNDB-2023-015462 // PACKETSTORM: 175129 // PACKETSTORM: 175119 // PACKETSTORM: 175172 // PACKETSTORM: 175162 // PACKETSTORM: 178284 // PACKETSTORM: 177716 // PACKETSTORM: 175298 // PACKETSTORM: 175289

AFFECTED PRODUCTS

vendor:f5model:big-ip ddos hybrid defenderscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:16.1.4

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.6.8

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:6.0.0

Trust: 1.0

vendor:f5model:big-ip websafescope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:15.1.10

Trust: 1.0

vendor:redhatmodel:self node remediation operatorscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip websafescope:lteversion:13.1.5

Trust: 1.0

vendor:redhatmodel:migration toolkit for virtualizationscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:openshift sandboxed containersscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:unified contact center enterprise - live data serverscope:ltversion:12.6.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:gteversion:13.1.0

Trust: 1.0

vendor:ciscomodel:prime cable provisioningscope:ltversion:7.2.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:16.1.4

Trust: 1.0

vendor:microsoftmodel:windows 10 22h2scope:ltversion:10.0.19045.3570

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip websafescope:gteversion:13.1.0

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:10.1.0

Trust: 1.0

vendor:grpcmodel:grpcscope:gteversion:1.58.0

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:9.0.80

Trust: 1.0

vendor:ietfmodel:httpscope:eqversion:2.0

Trust: 1.0

vendor:redhatmodel:openshift pipelinesscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:lteversion:13.1.5

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:10.2\(7\)

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:10.1.13

Trust: 1.0

vendor:linkerdmodel:linkerdscope:eqversion:2.14.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:14.1.0

Trust: 1.0

vendor:redhatmodel:3scale api management platformscope:eqversion:2.0

Trust: 1.0

vendor:redhatmodel:advanced cluster securityscope:eqversion:4.0

Trust: 1.0

vendor:konghqmodel:kong gatewayscope:ltversion:3.4.2

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:6.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.2.20

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:lteversion:15.1.10

Trust: 1.0

vendor:redhatmodel:jboss fusescope:eqversion:7.0.0

Trust: 1.0

vendor:redhatmodel:certification for red hat enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:14.1.0

Trust: 1.0

vendor:eclipsemodel:jettyscope:gteversion:12.0.0

Trust: 1.0

vendor:microsoftmodel:windows server 2022scope:eqversion: -

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:9.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:eqversion:17.1.0

Trust: 1.0

vendor:redhatmodel:openshift service meshscope:eqversion:2.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:15.1.0

Trust: 1.0

vendor:microsoftmodel:windows 10 1809scope:ltversion:10.0.17763.4974

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:lteversion:15.1.10

Trust: 1.0

vendor:istiomodel:istioscope:gteversion:1.18.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:16.1.4

Trust: 1.0

vendor:microsoftmodel:.netscope:ltversion:6.0.23

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:7.4.2

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:7.11.2

Trust: 1.0

vendor:ciscomodel:prime access registrarscope:ltversion:9.3.3

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:15.1.0

Trust: 1.0

vendor:microsoftmodel:azure kubernetes servicescope:ltversion:2023-10-08

Trust: 1.0

vendor:openrestymodel:openrestyscope:ltversion:1.21.4.3

Trust: 1.0

vendor:ciscomodel:connected mobile experiencesscope:ltversion:11.1

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:15.1.10

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:16.1.0

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:8.5.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:16.1.0

Trust: 1.0

vendor:applemodel:swiftnio http\/2scope:ltversion:1.28.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:6.0.23

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:13.1.5

Trust: 1.0

vendor:nghttp2model:nghttp2scope:ltversion:1.57.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:eqversion:17.1.0

Trust: 1.0

vendor:jenkinsmodel:jenkinsscope:lteversion:2.414.2

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:eqversion:17.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:13.1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:20.0.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:15.1.10

Trust: 1.0

vendor:f5model:nginx ingress controllerscope:lteversion:3.3.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:eqversion:17.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:15.1.10

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:16.1.4

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:18.18.2

Trust: 1.0

vendor:traefikmodel:traefikscope:ltversion:2.10.5

Trust: 1.0

vendor:netappmodel:astra control centerscope:eqversion: -

Trust: 1.0

vendor:f5model:nginx plusscope:eqversion:r30

Trust: 1.0

vendor:redhatmodel:cert-manager operator for red hat openshiftscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:lteversion:15.1.10

Trust: 1.0

vendor:golangmodel:goscope:ltversion:1.21.3

Trust: 1.0

vendor:f5model:big-ip websafescope:gteversion:14.1.0

Trust: 1.0

vendor:redhatmodel:jboss data gridscope:eqversion:7.0.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:14.1.5

Trust: 1.0

vendor:ciscomodel:prime infrastructurescope:ltversion:3.10.4

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:13.1.0

Trust: 1.0

vendor:golangmodel:networkingscope:ltversion:0.17.0

Trust: 1.0

vendor:apachemodel:apisixscope:ltversion:3.6.1

Trust: 1.0

vendor:f5model:nginx plusscope:eqversion:r29

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:9.0

Trust: 1.0

vendor:istiomodel:istioscope:ltversion:1.18.3

Trust: 1.0

vendor:redhatmodel:decision managerscope:eqversion:7.0

Trust: 1.0

vendor:ciscomodel:secure web appliancescope:ltversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:gteversion:16.1.0

Trust: 1.0

vendor:ciscomodel:ultra cloud core - policy control functionscope:ltversion:2024.01.0

Trust: 1.0

vendor:istiomodel:istioscope:ltversion:1.19.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:13.1.0

Trust: 1.0

vendor:ciscomodel:secure malware analyticsscope:ltversion:2.19.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:18.0.0

Trust: 1.0

vendor:redhatmodel:node maintenance operatorscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip next service proxy for kubernetesscope:gteversion:1.5.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:16.1.4

Trust: 1.0

vendor:jenkinsmodel:jenkinsscope:lteversion:2.427

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:14.1.0

Trust: 1.0

vendor:ciscomodel:secure dynamic attributes connectorscope:ltversion:2.2.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:eqversion:17.1.0

Trust: 1.0

vendor:amazonmodel:opensearch data prepperscope:ltversion:2.5.0

Trust: 1.0

vendor:ciscomodel:ultra cloud core - policy control functionscope:eqversion:2024.01.0

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:lteversion:16.1.4

Trust: 1.0

vendor:redhatmodel:node healthcheck operatorscope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.7

Trust: 1.0

vendor:redhatmodel:integration camel kscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:openshift distributed tracingscope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:7.0.0

Trust: 1.0

vendor:redhatmodel:service interconnectscope:eqversion:1.0

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:4.0

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:eqversion:17.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:13.1.0

Trust: 1.0

vendor:redhatmodel:run once duration override operatorscope:eqversion: -

Trust: 1.0

vendor:eclipsemodel:jettyscope:ltversion:9.4.53

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:6.0

Trust: 1.0

vendor:ciscomodel:prime network registrarscope:ltversion:11.2

Trust: 1.0

vendor:f5model:big-ip websafescope:eqversion:17.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:15.1.10

Trust: 1.0

vendor:ciscomodel:unified contact center domain managerscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:process automationscope:eqversion:7.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:11.0.0

Trust: 1.0

vendor:f5model:nginx ingress controllerscope:lteversion:2.4.2

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:13.1.5

Trust: 1.0

vendor:apachemodel:traffic serverscope:ltversion:9.2.3

Trust: 1.0

vendor:f5model:big-ip websafescope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:lteversion:13.1.5

Trust: 1.0

vendor:eclipsemodel:jettyscope:gteversion:10.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:15.1.10

Trust: 1.0

vendor:redhatmodel:openshift api for data protectionscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:crosswork data gatewayscope:ltversion:4.1.3

Trust: 1.0

vendor:redhatmodel:support for spring bootscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:gteversion:14.1.0

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:10.3\(5\)

Trust: 1.0

vendor:linecorpmodel:armeriascope:ltversion:1.26.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:13.1.5

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.4.12

Trust: 1.0

vendor:f5model:big-ip link controllerscope:eqversion:17.1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:38

Trust: 1.0

vendor:traefikmodel:traefikscope:eqversion:3.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:16.1.0

Trust: 1.0

vendor:grpcmodel:grpcscope:ltversion:1.58.3

Trust: 1.0

vendor:redhatmodel:openshift gitopsscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:crosswork data gatewayscope:eqversion:5.0

Trust: 1.0

vendor:caddyservermodel:caddyscope:ltversion:2.7.5

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:8.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:13.1.0

Trust: 1.0

vendor:istiomodel:istioscope:ltversion:1.17.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:13.1.0

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:ciscomodel:ios xescope:ltversion:17.15.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:eqversion:17.1.0

Trust: 1.0

vendor:redhatmodel:openshift serverlessscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip websafescope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip websafescope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:nginx plusscope:gteversion:r25

Trust: 1.0

vendor:microsoftmodel:.netscope:gteversion:6.0.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:gteversion:14.1.0

Trust: 1.0

vendor:varnish cachemodel:varnish cachescope:ltversion:2023-10-10

Trust: 1.0

vendor:eclipsemodel:jettyscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:15.1.10

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:20.8.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:15.1.10

Trust: 1.0

vendor:ciscomodel:crosswork zero touch provisioningscope:ltversion:6.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:14.1.5

Trust: 1.0

vendor:redhatmodel:satellitescope:eqversion:6.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:16.1.4

Trust: 1.0

vendor:akkamodel:http serverscope:ltversion:10.5.3

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:eqversion:17.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:eqversion:17.1.0

Trust: 1.0

vendor:f5model:big-ip nextscope:eqversion:20.0.1

Trust: 1.0

vendor:redhatmodel:openshift secondary scheduler operatorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:ultra cloud core - session management functionscope:ltversion:2024.02.0

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:nginx ingress controllerscope:gteversion:3.0.0

Trust: 1.0

vendor:ciscomodel:iot field network directorscope:ltversion:4.11.0

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:gteversion:15.1.0

Trust: 1.0

vendor:golangmodel:goscope:gteversion:1.21.0

Trust: 1.0

vendor:golangmodel:http2scope:ltversion:0.17.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:15.1.0

Trust: 1.0

vendor:redhatmodel:machine deletion remediation operatorscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:openshiftscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:15.1.0

Trust: 1.0

vendor:redhatmodel:build of optaplannerscope:eqversion:8.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:37

Trust: 1.0

vendor:eclipsemodel:jettyscope:ltversion:10.0.17

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:eqversion:17.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:15.1.10

Trust: 1.0

vendor:envoyproxymodel:envoyscope:eqversion:1.25.9

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:eqversion:17.1.0

Trust: 1.0

vendor:eclipsemodel:jettyscope:ltversion:12.0.2

Trust: 1.0

vendor:denamodel:h2oscope:ltversion:2023-10-10

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:lteversion:15.1.10

Trust: 1.0

vendor:redhatmodel:openstack platformscope:eqversion:17.1

Trust: 1.0

vendor:linkerdmodel:linkerdscope:eqversion:2.13.1

Trust: 1.0

vendor:microsoftmodel:cbl-marinerscope:ltversion:2023-10-11

Trust: 1.0

vendor:grpcmodel:grpcscope:ltversion:1.56.3

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:15.1.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:15.1.10

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:13.1.5

Trust: 1.0

vendor:microsoftmodel:windows 11 22h2scope:ltversion:10.0.22621.2428

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.7.5

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:gteversion:16.1.0

Trust: 1.0

vendor:envoyproxymodel:envoyscope:eqversion:1.26.4

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:eqversion:17.1.0

Trust: 1.0

vendor:kazu yamamotomodel:http2scope:ltversion:4.2.2

Trust: 1.0

vendor:eclipsemodel:jettyscope:ltversion:11.0.17

Trust: 1.0

vendor:f5model:nginx plusscope:ltversion:r29

Trust: 1.0

vendor:linkerdmodel:linkerdscope:gteversion:2.12.0

Trust: 1.0

vendor:redhatmodel:cost managementscope:eqversion: -

Trust: 1.0

vendor:apachemodel:solrscope:ltversion:9.4.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:ltversion:8.1.9

Trust: 1.0

vendor:projectcontourmodel:contourscope:ltversion:2023-10-11

Trust: 1.0

vendor:ciscomodel:telepresence video communication serverscope:ltversion:x14.3.3

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:13.1.5

Trust: 1.0

vendor:redhatmodel:integration camel for spring bootscope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows 10 21h2scope:ltversion:10.0.19044.3570

Trust: 1.0

vendor:redhatmodel:fence agents remediation operatorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:ultra cloud core - serving gateway functionscope:ltversion:2024.02.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:13.1.0

Trust: 1.0

vendor:linkerdmodel:linkerdscope:eqversion:2.14.0

Trust: 1.0

vendor:redhatmodel:integration service registryscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:openstack platformscope:eqversion:16.2

Trust: 1.0

vendor:redhatmodel:openshift virtualizationscope:eqversion:4

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:gteversion:13.1.0

Trust: 1.0

vendor:redhatmodel:openshift dev spacesscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:logging subsystem for red hat openshiftscope:eqversion: -

Trust: 1.0

vendor:nettymodel:nettyscope:ltversion:4.1.100

Trust: 1.0

vendor:redhatmodel:openshift data sciencescope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:gteversion:15.1.0

Trust: 1.0

vendor:microsoftmodel:windows server 2019scope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:16.1.4

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:13.1.0

Trust: 1.0

vendor:golangmodel:goscope:ltversion:1.20.10

Trust: 1.0

vendor:ciscomodel:fog directorscope:ltversion:1.22

Trust: 1.0

vendor:ciscomodel:unified contact center enterprisescope:eqversion: -

Trust: 1.0

vendor:linkerdmodel:linkerdscope:lteversion:2.12.5

Trust: 1.0

vendor:f5model:big-ip next service proxy for kubernetesscope:lteversion:1.8.2

Trust: 1.0

vendor:microsoftmodel:.netscope:ltversion:7.0.12

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:10.3\(1\)

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:13.1.5

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:9.0.0

Trust: 1.0

vendor:redhatmodel:single sign-onscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:openshift developer tools and servicesscope:eqversion: -

Trust: 1.0

vendor:facebookmodel:proxygenscope:ltversion:2023.10.16.00

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:eqversion:17.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:16.1.0

Trust: 1.0

vendor:ciscomodel:expresswayscope:ltversion:x14.3.3

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:eqversion:17.1.0

Trust: 1.0

vendor:microsoftmodel:windows 10 1607scope:ltversion:10.0.14393.6351

Trust: 1.0

vendor:redhatmodel:jboss fusescope:eqversion:6.0.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:7.0.12

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:15.1.10

Trust: 1.0

vendor:ciscomodel:unified attendant console advancedscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:12.0

Trust: 1.0

vendor:ciscomodel:data center network managerscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:cryostatscope:eqversion:2.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:eqversion:17.1.0

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:8.5.93

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:14.1.0

Trust: 1.0

vendor:redhatmodel:build of quarkusscope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.6

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:lteversion:15.1.10

Trust: 1.0

vendor:redhatmodel:jboss a-mq streamsscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:web terminalscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:unified contact center management portalscope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.4

Trust: 1.0

vendor:redhatmodel:migration toolkit for applicationsscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:quayscope:eqversion:3.0.0

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:gteversion:13.1.0

Trust: 1.0

vendor:envoyproxymodel:envoyscope:eqversion:1.24.10

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:big-ip websafescope:lteversion:15.1.10

Trust: 1.0

vendor:redhatmodel:migration toolkit for containersscope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2016scope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:microsoftmodel:windows 11 21h2scope:ltversion:10.0.22000.2538

Trust: 1.0

vendor:microsoftmodel:.netscope:gteversion:7.0.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.9.5

Trust: 1.0

vendor:redhatmodel:certification for red hat enterprise linuxscope:eqversion:9.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:14.1.0

Trust: 1.0

vendor:redhatmodel:service telemetry frameworkscope:eqversion:1.5

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:eqversion:17.1.0

Trust: 1.0

vendor:redhatmodel:jboss a-mqscope:eqversion:7

Trust: 1.0

vendor:ciscomodel:enterprise chat and emailscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:network observability operatorscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:openstack platformscope:eqversion:16.1

Trust: 1.0

vendor:f5model:nginxscope:lteversion:1.25.2

Trust: 1.0

vendor:redhatmodel:advanced cluster management for kubernetesscope:eqversion:2.0

Trust: 1.0

vendor:redhatmodel:ansible automation platformscope:eqversion:2.0

Trust: 1.0

vendor:grpcmodel:grpcscope:eqversion:1.57.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:16.1.4

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:15.1.10

Trust: 1.0

vendor:redhatmodel:advanced cluster securityscope:eqversion:3.0

Trust: 1.0

vendor:f5model:big-ip ssl orchestratorscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:nginx ingress controllerscope:gteversion:2.0.0

Trust: 1.0

vendor:grpcmodel:grpcscope:lteversion:1.59.2

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:14.1.5

Trust: 1.0

vendor:istiomodel:istioscope:gteversion:1.19.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:16.1.4

Trust: 1.0

vendor:envoyproxymodel:envoyscope:eqversion:1.27.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:13.1.0

Trust: 1.0

vendor:redhatmodel:openshift container platform assisted installerscope:eqversion: -

Trust: 1.0

vendor:linkerdmodel:linkerdscope:eqversion:2.13.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip application visibility and reportingscope:lteversion:14.1.5

Trust: 1.0

vendor:f5model:big-ip carrier-grade natscope:gteversion:14.1.0

Trust: 1.0

vendor:redhatmodel:ceph storagescope:eqversion:5.0

Trust: 1.0

vendor:f5model:big-ip ddos hybrid defenderscope:gteversion:16.1.0

Trust: 1.0

vendor:日立model:ucosminexus application serverscope: - version: -

Trust: 0.8

vendor:the gomodel:goscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server-rscope: - version: -

Trust: 0.8

vendor:f5model:big-ip analyticsscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus component containerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip global traffic managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application acceleration managerscope: - version: -

Trust: 0.8

vendor:apachemodel:tomcatscope: - version: -

Trust: 0.8

vendor:f5model:big-ip access policy managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus primary server basescope: - version: -

Trust: 0.8

vendor:f5model:big-ip fraud protection servicescope: - version: -

Trust: 0.8

vendor:f5model:big-ip advanced firewall managerscope: - version: -

Trust: 0.8

vendor:the nettymodel:nettyscope: - version: -

Trust: 0.8

vendor:envoy proxymodel:envoyscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:アップルmodel:swiftnio http/2scope: - version: -

Trust: 0.8

vendor:light codemodel:caddyscope: - version: -

Trust: 0.8

vendor:nghttp2model:nghttp2scope: - version: -

Trust: 0.8

vendor:the gomodel:networkingscope: - version: -

Trust: 0.8

vendor:f5model:big-ip domain name systemscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application security managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip ddos hybrid defenderscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus service platformscope: - version: -

Trust: 0.8

vendor:f5model:big-ip carrier-grade network address translationscope: - version: -

Trust: 0.8

vendor:the gomodel:http2scope: - version: -

Trust: 0.8

vendor:f5model:big-ip advanced web application firewallscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:eclipsemodel:jettyscope: - version: -

Trust: 0.8

vendor:f5model:big-ip application visibility and reportingscope: - version: -

Trust: 0.8

vendor:インターネット技術タスクフォース ietfmodel:httpscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-015462 // NVD: CVE-2023-44487

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-44487
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-44487
value: HIGH

Trust: 1.0

NVD: CVE-2023-44487
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-44487
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2023-44487
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-015462 // NVD: CVE-2023-44487 // NVD: CVE-2023-44487

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-400

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-015462 // NVD: CVE-2023-44487

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 178284

PATCH

title:hitachi-sec-2024-116 Software product security informationurl:https://github.com/apache/apisix/issues/10320

Trust: 0.8

sources: JVNDB: JVNDB-2023-015462

EXTERNAL IDS

db:NVDid:CVE-2023-44487

Trust: 3.4

db:OPENWALLid:OSS-SECURITY/2023/10/10/6

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2023/10/19/6

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2023/10/18/8

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2023/10/20/8

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2023/10/13/4

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2023/10/13/9

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2023/10/18/4

Trust: 1.8

db:JVNid:JVNVU99084687

Trust: 0.8

db:JVNid:JVNVU93250330

Trust: 0.8

db:JVNid:JVNVU93656033

Trust: 0.8

db:JVNid:JVNVU96191615

Trust: 0.8

db:ICS CERTid:ICSA-24-165-04

Trust: 0.8

db:ICS CERTid:ICSA-24-228-06

Trust: 0.8

db:ICS CERTid:ICSA-24-319-08

Trust: 0.8

db:ICS CERTid:ICSA-24-074-05

Trust: 0.8

db:JVNDBid:JVNDB-2023-015462

Trust: 0.8

db:PACKETSTORMid:175129

Trust: 0.1

db:PACKETSTORMid:175119

Trust: 0.1

db:PACKETSTORMid:175172

Trust: 0.1

db:PACKETSTORMid:175162

Trust: 0.1

db:PACKETSTORMid:178284

Trust: 0.1

db:PACKETSTORMid:177716

Trust: 0.1

db:PACKETSTORMid:175298

Trust: 0.1

db:PACKETSTORMid:175289

Trust: 0.1

sources: JVNDB: JVNDB-2023-015462 // PACKETSTORM: 175129 // PACKETSTORM: 175119 // PACKETSTORM: 175172 // PACKETSTORM: 175162 // PACKETSTORM: 178284 // PACKETSTORM: 177716 // PACKETSTORM: 175298 // PACKETSTORM: 175289 // NVD: CVE-2023-44487

REFERENCES

url:https://access.redhat.com/security/cve/cve-2023-44487

Trust: 1.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=2242803

Trust: 1.9

url:http://www.openwall.com/lists/oss-security/2023/10/13/4

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2023/10/13/9

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2023/10/18/4

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2023/10/18/8

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2023/10/19/6

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2023/10/20/8

Trust: 1.8

url:https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/

Trust: 1.8

url:https://aws.amazon.com/security/security-bulletins/aws-2023-011/

Trust: 1.8

url:https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

Trust: 1.8

url:https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/

Trust: 1.8

url:https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/

Trust: 1.8

url:https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack

Trust: 1.8

url:https://blog.vespa.ai/cve-2023-44487/

Trust: 1.8

url:https://bugzilla.proxmox.com/show_bug.cgi?id=4988

Trust: 1.8

url:https://bugzilla.suse.com/show_bug.cgi?id=1216123

Trust: 1.8

url:https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9

Trust: 1.8

url:https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/

Trust: 1.8

url:https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack

Trust: 1.8

url:https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125

Trust: 1.8

url:https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715

Trust: 1.8

url:https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve

Trust: 1.8

url:https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088

Trust: 1.8

url:https://github.com/azure/aks/issues/3947

Trust: 1.8

url:https://github.com/kong/kong/discussions/11741

Trust: 1.8

url:https://github.com/advisories/ghsa-qppj-fm5r-hxr3

Trust: 1.8

url:https://github.com/advisories/ghsa-vx74-f528-fxqg

Trust: 1.8

url:https://github.com/advisories/ghsa-xpw8-rcwv-8f8p

Trust: 1.8

url:https://github.com/akka/akka-http/issues/4323

Trust: 1.8

url:https://github.com/alibaba/tengine/issues/1872

Trust: 1.8

url:https://github.com/arkrwn/poc/tree/main/cve-2023-44487

Trust: 1.8

url:https://github.com/bcdannyboy/cve-2023-44487

Trust: 1.8

url:https://github.com/dotnet/announcements/issues/277

Trust: 1.8

url:https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73

Trust: 1.8

url:https://github.com/etcd-io/etcd/issues/16740

Trust: 1.8

url:https://github.com/facebook/proxygen/pull/466

Trust: 1.8

url:https://github.com/grpc/grpc-go/pull/6703

Trust: 1.8

url:https://github.com/h2o/h2o/pull/3291

Trust: 1.8

url:https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf

Trust: 1.8

url:https://github.com/haproxy/haproxy/issues/2312

Trust: 1.8

url:https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244

Trust: 1.8

url:https://github.com/junkurihara/rust-rpxy/issues/97

Trust: 1.8

url:https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1

Trust: 1.8

url:https://github.com/kazu-yamamoto/http2/issues/93

Trust: 1.8

url:https://github.com/kubernetes/kubernetes/pull/121120

Trust: 1.8

url:https://github.com/line/armeria/pull/5232

Trust: 1.8

url:https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632

Trust: 1.8

url:https://github.com/micrictor/http2-rst-stream

Trust: 1.8

url:https://github.com/microsoft/cbl-mariner/pull/6381

Trust: 1.8

url:https://github.com/ninenines/cowboy/issues/1615

Trust: 1.8

url:https://github.com/nodejs/node/pull/50121

Trust: 1.8

url:https://github.com/openresty/openresty/issues/930

Trust: 1.8

url:https://github.com/opensearch-project/data-prepper/issues/3474

Trust: 1.8

url:https://github.com/oqtane/oqtane.framework/discussions/3367

Trust: 1.8

url:https://github.com/projectcontour/contour/pull/5826

Trust: 1.8

url:https://github.com/tempesta-tech/tempesta/issues/1986

Trust: 1.8

url:https://github.com/varnishcache/varnish-cache/issues/3996

Trust: 1.8

url:https://istio.io/latest/news/security/istio-security-2023-004/

Trust: 1.8

url:https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/

Trust: 1.8

url:https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html

Trust: 1.8

url:https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html

Trust: 1.8

url:https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html

Trust: 1.8

url:https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/

Trust: 1.8

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487

Trust: 1.8

url:https://news.ycombinator.com/item?id=37830987

Trust: 1.8

url:https://news.ycombinator.com/item?id=37830998

Trust: 1.8

url:https://news.ycombinator.com/item?id=37831062

Trust: 1.8

url:https://news.ycombinator.com/item?id=37837043

Trust: 1.8

url:https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/

Trust: 1.8

url:https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected

Trust: 1.8

url:https://security.gentoo.org/glsa/202311-09

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20231016-0001/

Trust: 1.8

url:https://security.paloaltonetworks.com/cve-2023-44487

Trust: 1.8

url:https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14

Trust: 1.8

url:https://ubuntu.com/security/cve-2023-44487

Trust: 1.8

url:https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/

Trust: 1.8

url:https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487

Trust: 1.8

url:https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event

Trust: 1.8

url:https://www.debian.org/security/2023/dsa-5521

Trust: 1.8

url:https://www.debian.org/security/2023/dsa-5522

Trust: 1.8

url:https://www.debian.org/security/2023/dsa-5540

Trust: 1.8

url:https://www.debian.org/security/2023/dsa-5549

Trust: 1.8

url:https://www.debian.org/security/2023/dsa-5558

Trust: 1.8

url:https://www.debian.org/security/2023/dsa-5570

Trust: 1.8

url:https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487

Trust: 1.8

url:https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/

Trust: 1.8

url:https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/

Trust: 1.8

url:https://www.openwall.com/lists/oss-security/2023/10/10/6

Trust: 1.8

url:https://www.phoronix.com/news/http2-rapid-reset-attack

Trust: 1.8

url:https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-44487

Trust: 1.5

url:https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764

Trust: 1.0

url:https://github.com/apache/apisix/issues/10320

Trust: 1.0

url:https://github.com/apache/httpd-site/pull/10

Trust: 1.0

url:https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113

Trust: 1.0

url:https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2

Trust: 1.0

url:https://github.com/apache/trafficserver/pull/10564

Trust: 1.0

url:https://github.com/caddyserver/caddy/issues/5877

Trust: 1.0

url:https://github.com/caddyserver/caddy/releases/tag/v2.7.5

Trust: 1.0

url:https://github.com/eclipse/jetty.project/issues/10679

Trust: 1.0

url:https://github.com/envoyproxy/envoy/pull/30055

Trust: 1.0

url:https://github.com/golang/go/issues/63417

Trust: 1.0

url:https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61

Trust: 1.0

url:https://github.com/nghttp2/nghttp2/pull/1961

Trust: 1.0

url:https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0

Trust: 1.0

url:https://groups.google.com/g/golang-announce/c/innxdtcjzvo

Trust: 1.0

url:https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

Trust: 1.0

url:https://my.f5.com/manage/s/article/k000137106

Trust: 1.0

url:https://netty.io/news/2023/10/10/4-1-100-final.html

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240426-0007/

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0007/

Trust: 1.0

url:https://jvn.jp/vu/jvnvu93656033/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93250330/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99084687/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96191615/

Trust: 0.8

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-05

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-06

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08

Trust: 0.8

url:https://access.redhat.com/security/vulnerabilities/rhsb-2023-003

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5769.json

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:5769

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:5724

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5724.json

Trust: 0.1

url:https://access.redhat.com/articles/4966181

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.13/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:5803

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5803.json

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5784.json

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=5.7

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:5784

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6754-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-28182

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2264574

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:1444

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1444.json

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6048.json

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-39325

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-39325

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:6048

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6020.json

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:6020

Trust: 0.1

sources: JVNDB: JVNDB-2023-015462 // PACKETSTORM: 175129 // PACKETSTORM: 175119 // PACKETSTORM: 175172 // PACKETSTORM: 175162 // PACKETSTORM: 178284 // PACKETSTORM: 177716 // PACKETSTORM: 175298 // PACKETSTORM: 175289 // NVD: CVE-2023-44487

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 175129 // PACKETSTORM: 175119 // PACKETSTORM: 175172 // PACKETSTORM: 175162 // PACKETSTORM: 177716 // PACKETSTORM: 175298 // PACKETSTORM: 175289

SOURCES

db:JVNDBid:JVNDB-2023-015462
db:PACKETSTORMid:175129
db:PACKETSTORMid:175119
db:PACKETSTORMid:175172
db:PACKETSTORMid:175162
db:PACKETSTORMid:178284
db:PACKETSTORMid:177716
db:PACKETSTORMid:175298
db:PACKETSTORMid:175289
db:NVDid:CVE-2023-44487

LAST UPDATE DATE

2024-11-20T20:48:36.089000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-015462date:2024-11-19T02:29:00
db:NVDid:CVE-2023-44487date:2024-08-14T19:57:18.860

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-015462date:2023-12-27T00:00:00
db:PACKETSTORMid:175129date:2023-10-17T15:40:32
db:PACKETSTORMid:175119date:2023-10-17T15:37:58
db:PACKETSTORMid:175172date:2023-10-18T16:26:02
db:PACKETSTORMid:175162date:2023-10-18T16:23:39
db:PACKETSTORMid:178284date:2024-04-26T15:13:40
db:PACKETSTORMid:177716date:2024-03-21T14:25:59
db:PACKETSTORMid:175298date:2023-10-24T15:55:29
db:PACKETSTORMid:175289date:2023-10-24T15:51:35
db:NVDid:CVE-2023-44487date:2023-10-10T14:15:10.883