CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
Link Resource
http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/9 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/19/6 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8 Mailing List
https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Press/Media Coverage Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description Vendor Advisory
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Vendor Advisory
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage Third Party Advisory
https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking Vendor Advisory
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List Patch Vendor Advisory
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description Vendor Advisory
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description Vendor Advisory
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Third Party Advisory
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description Third Party Advisory
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory
https://github.com/Azure/AKS/issues/3947 Issue Tracking Vendor Advisory
https://github.com/Kong/kong/discussions/11741 Issue Tracking Vendor Advisory
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Vendor Advisory
https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation Patch Vendor Advisory
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Patch Vendor Advisory
https://github.com/akka/akka-http/issues/4323 Issue Tracking Vendor Advisory
https://github.com/alibaba/tengine/issues/1872 Issue Tracking Vendor Advisory
https://github.com/apache/apisix/issues/10320 Issue Tracking Vendor Advisory
https://github.com/apache/httpd-site/pull/10 Issue Tracking Vendor Advisory
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product Third Party Advisory
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product Third Party Advisory
https://github.com/apache/trafficserver/pull/10564 Patch Vendor Advisory
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Vendor Advisory
https://github.com/bcdannyboy/CVE-2023-44487 Third Party Advisory
https://github.com/caddyserver/caddy/issues/5877 Issue Tracking Vendor Advisory
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes Third Party Advisory
https://github.com/dotnet/announcements/issues/277 Mitigation Vendor Advisory
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product Release Notes Vendor Advisory
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking Vendor Advisory
https://github.com/envoyproxy/envoy/pull/30055 Patch Vendor Advisory
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking Patch Vendor Advisory
https://github.com/facebook/proxygen/pull/466 Patch Vendor Advisory
https://github.com/golang/go/issues/63417 Issue Tracking Vendor Advisory
https://github.com/grpc/grpc-go/pull/6703 Patch Vendor Advisory
https://github.com/h2o/h2o/pull/3291 Patch Third Party Advisory
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking Vendor Advisory
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product Vendor Advisory
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking Vendor Advisory
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch Third Party Advisory
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking Third Party Advisory
https://github.com/kubernetes/kubernetes/pull/121120 Patch Vendor Advisory
https://github.com/line/armeria/pull/5232 Issue Tracking Patch Vendor Advisory
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory
https://github.com/micrictor/http2-rst-stream Exploit Third Party Advisory
https://github.com/microsoft/CBL-Mariner/pull/6381 Patch Vendor Advisory
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch Vendor Advisory
https://github.com/nghttp2/nghttp2/pull/1961 Patch Vendor Advisory
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes Third Party Advisory
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking Vendor Advisory
https://github.com/nodejs/node/pull/50121 Vendor Advisory
https://github.com/openresty/openresty/issues/930 Issue Tracking Vendor Advisory
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking Patch Vendor Advisory
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking Vendor Advisory
https://github.com/projectcontour/contour/pull/5826 Issue Tracking Patch Vendor Advisory
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking Vendor Advisory
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking Vendor Advisory
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Mailing List Vendor Advisory
https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Vendor Advisory
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List Third Party Advisory
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List Third Party Advisory
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List Patch Third Party Advisory
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Third Party Advisory
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Mitigation Patch Vendor Advisory
https://my.f5.com/manage/s/article/K000137106 Vendor Advisory
https://netty.io/news/2023/10/10/4-1-100-Final.html Release Notes Vendor Advisory
https://news.ycombinator.com/item?id=37830987 Issue Tracking Third Party Advisory
https://news.ycombinator.com/item?id=37830998 Issue Tracking Press/Media Coverage
https://news.ycombinator.com/item?id=37831062 Issue Tracking Third Party Advisory
https://news.ycombinator.com/item?id=37837043 Issue Tracking
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Third Party Advisory
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Third Party Advisory
https://security.gentoo.org/glsa/202311-09 Third Party Advisory
https://security.netapp.com/advisory/ntap-20231016-0001/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240426-0007/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0007/ Third Party Advisory
https://security.paloaltonetworks.com/CVE-2023-44487 Vendor Advisory
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes Vendor Advisory
https://ubuntu.com/security/CVE-2023-44487 Vendor Advisory
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Third Party Advisory US Government Resource
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage Third Party Advisory
https://www.debian.org/security/2023/dsa-5521 Vendor Advisory
https://www.debian.org/security/2023/dsa-5522 Vendor Advisory
https://www.debian.org/security/2023/dsa-5540 Third Party Advisory
https://www.debian.org/security/2023/dsa-5549 Third Party Advisory
https://www.debian.org/security/2023/dsa-5558 Third Party Advisory
https://www.debian.org/security/2023/dsa-5570 Third Party Advisory
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Vendor Advisory
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Vendor Advisory
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Mitigation Vendor Advisory
https://www.openwall.com/lists/oss-security/2023/10/10/6 Mailing List Third Party Advisory
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Press/Media Coverage
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/9 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/19/6 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8 Mailing List
https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Press/Media Coverage Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description Vendor Advisory
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Vendor Advisory
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage Third Party Advisory
https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking Vendor Advisory
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List Patch Vendor Advisory
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description Vendor Advisory
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description Vendor Advisory
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Third Party Advisory
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description Third Party Advisory
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory
https://github.com/Azure/AKS/issues/3947 Issue Tracking Vendor Advisory
https://github.com/Kong/kong/discussions/11741 Issue Tracking Vendor Advisory
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Vendor Advisory
https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation Patch Vendor Advisory
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Patch Vendor Advisory
https://github.com/akka/akka-http/issues/4323 Issue Tracking Vendor Advisory
https://github.com/alibaba/tengine/issues/1872 Issue Tracking Vendor Advisory
https://github.com/apache/apisix/issues/10320 Issue Tracking Vendor Advisory
https://github.com/apache/httpd-site/pull/10 Issue Tracking Vendor Advisory
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product Third Party Advisory
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product Third Party Advisory
https://github.com/apache/trafficserver/pull/10564 Patch Vendor Advisory
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Vendor Advisory
https://github.com/bcdannyboy/CVE-2023-44487 Third Party Advisory
https://github.com/caddyserver/caddy/issues/5877 Issue Tracking Vendor Advisory
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes Third Party Advisory
https://github.com/dotnet/announcements/issues/277 Mitigation Vendor Advisory
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product Release Notes Vendor Advisory
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking Vendor Advisory
https://github.com/envoyproxy/envoy/pull/30055 Patch Vendor Advisory
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking Patch Vendor Advisory
https://github.com/facebook/proxygen/pull/466 Patch Vendor Advisory
https://github.com/golang/go/issues/63417 Issue Tracking Vendor Advisory
https://github.com/grpc/grpc-go/pull/6703 Patch Vendor Advisory
https://github.com/h2o/h2o/pull/3291 Patch Third Party Advisory
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking Vendor Advisory
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product Vendor Advisory
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking Vendor Advisory
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch Third Party Advisory
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking Third Party Advisory
https://github.com/kubernetes/kubernetes/pull/121120 Patch Vendor Advisory
https://github.com/line/armeria/pull/5232 Issue Tracking Patch Vendor Advisory
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory
https://github.com/micrictor/http2-rst-stream Exploit Third Party Advisory
https://github.com/microsoft/CBL-Mariner/pull/6381 Patch Vendor Advisory
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch Vendor Advisory
https://github.com/nghttp2/nghttp2/pull/1961 Patch Vendor Advisory
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes Third Party Advisory
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking Vendor Advisory
https://github.com/nodejs/node/pull/50121 Vendor Advisory
https://github.com/openresty/openresty/issues/930 Issue Tracking Vendor Advisory
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking Patch Vendor Advisory
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking Vendor Advisory
https://github.com/projectcontour/contour/pull/5826 Issue Tracking Patch Vendor Advisory
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking Vendor Advisory
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking Vendor Advisory
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Mailing List Vendor Advisory
https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Vendor Advisory
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List Third Party Advisory
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List Third Party Advisory
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List Patch Third Party Advisory
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Third Party Advisory
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Mitigation Patch Vendor Advisory
https://my.f5.com/manage/s/article/K000137106 Vendor Advisory
https://netty.io/news/2023/10/10/4-1-100-Final.html Release Notes Vendor Advisory
https://news.ycombinator.com/item?id=37830987 Issue Tracking Third Party Advisory
https://news.ycombinator.com/item?id=37830998 Issue Tracking Press/Media Coverage
https://news.ycombinator.com/item?id=37831062 Issue Tracking Third Party Advisory
https://news.ycombinator.com/item?id=37837043 Issue Tracking
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Third Party Advisory
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Third Party Advisory
https://security.gentoo.org/glsa/202311-09 Third Party Advisory
https://security.netapp.com/advisory/ntap-20231016-0001/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240426-0007/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0007/ Third Party Advisory
https://security.paloaltonetworks.com/CVE-2023-44487 Vendor Advisory
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes Vendor Advisory
https://ubuntu.com/security/CVE-2023-44487 Vendor Advisory
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Third Party Advisory US Government Resource
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage Third Party Advisory
https://www.debian.org/security/2023/dsa-5521 Vendor Advisory
https://www.debian.org/security/2023/dsa-5522 Vendor Advisory
https://www.debian.org/security/2023/dsa-5540 Third Party Advisory
https://www.debian.org/security/2023/dsa-5549 Third Party Advisory
https://www.debian.org/security/2023/dsa-5558 Third Party Advisory
https://www.debian.org/security/2023/dsa-5570 Third Party Advisory
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Vendor Advisory
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Vendor Advisory
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Mitigation Vendor Advisory
https://www.openwall.com/lists/oss-security/2023/10/10/6 Mailing List Third Party Advisory
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Press/Media Coverage
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage Third Party Advisory
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
Configurations

Configuration 1 (hide)

cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*
cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*

Configuration 8 (hide)

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*

Configuration 9 (hide)

OR cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*

Configuration 10 (hide)

cpe:2.3:a:apple:swiftnio_http\/2:*:*:*:*:*:swift:*:*

Configuration 11 (hide)

OR cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*
cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*
cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*
cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*

Configuration 12 (hide)

OR cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*

Configuration 13 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*

Configuration 14 (hide)

cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*

Configuration 15 (hide)

cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*

Configuration 16 (hide)

cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*

Configuration 17 (hide)

OR cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

Configuration 18 (hide)

cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*

Configuration 19 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Configuration 20 (hide)

cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*

Configuration 21 (hide)

OR cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*

Configuration 22 (hide)

cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*

Configuration 23 (hide)

OR cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*

Configuration 24 (hide)

cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*

Configuration 25 (hide)

OR cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*
cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*
cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*
cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*
cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*

Configuration 26 (hide)

cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*

Configuration 27 (hide)

OR cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*
cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 29 (hide)

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 30 (hide)

OR cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

Configuration 31 (hide)

cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*

Configuration 32 (hide)

cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*

Configuration 33 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*

Configuration 34 (hide)

cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*

Configuration 35 (hide)

cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*

Configuration 36 (hide)

OR cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
OR cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3132q-x\/3132q-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3172pq\/pq-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-x\/xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-x\/xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
OR cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500_supervisor_a\+:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500_supervisor_b\+:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:25

Type Values Removed Values Added
References
  • () https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause -
References () http://www.openwall.com/lists/oss-security/2023/10/13/4 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2023/10/13/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2023/10/13/9 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2023/10/13/9 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2023/10/18/4 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2023/10/18/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2023/10/18/8 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2023/10/18/8 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2023/10/19/6 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2023/10/19/6 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2023/10/20/8 - Mailing List () http://www.openwall.com/lists/oss-security/2023/10/20/8 - Mailing List
References () https://access.redhat.com/security/cve/cve-2023-44487 - Vendor Advisory () https://access.redhat.com/security/cve/cve-2023-44487 - Vendor Advisory
References () https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ - Press/Media Coverage, Third Party Advisory () https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ - Press/Media Coverage, Third Party Advisory
References () https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ - Third Party Advisory () https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ - Third Party Advisory
References () https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ - Technical Description, Vendor Advisory () https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ - Technical Description, Vendor Advisory
References () https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ - Vendor Advisory () https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ - Vendor Advisory
References () https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ - Vendor Advisory () https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ - Vendor Advisory
References () https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack - Press/Media Coverage, Third Party Advisory () https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack - Press/Media Coverage, Third Party Advisory
References () https://blog.vespa.ai/cve-2023-44487/ - Vendor Advisory () https://blog.vespa.ai/cve-2023-44487/ - Vendor Advisory
References () https://bugzilla.proxmox.com/show_bug.cgi?id=4988 - Issue Tracking, Third Party Advisory () https://bugzilla.proxmox.com/show_bug.cgi?id=4988 - Issue Tracking, Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2242803 - Issue Tracking, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2242803 - Issue Tracking, Vendor Advisory
References () https://bugzilla.suse.com/show_bug.cgi?id=1216123 - Issue Tracking, Vendor Advisory () https://bugzilla.suse.com/show_bug.cgi?id=1216123 - Issue Tracking, Vendor Advisory
References () https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 - Mailing List, Patch, Vendor Advisory () https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 - Mailing List, Patch, Vendor Advisory
References () https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ - Technical Description, Vendor Advisory () https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ - Technical Description, Vendor Advisory
References () https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack - Technical Description, Vendor Advisory () https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack - Technical Description, Vendor Advisory
References () https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 - Vendor Advisory () https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 - Vendor Advisory
References () https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 - Third Party Advisory () https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 - Third Party Advisory
References () https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve - Technical Description, Third Party Advisory () https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve - Technical Description, Third Party Advisory
References () https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 - Vendor Advisory () https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 - Vendor Advisory
References () https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 - Third Party Advisory () https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 - Third Party Advisory
References () https://github.com/Azure/AKS/issues/3947 - Issue Tracking, Vendor Advisory () https://github.com/Azure/AKS/issues/3947 - Issue Tracking, Vendor Advisory
References () https://github.com/Kong/kong/discussions/11741 - Issue Tracking, Vendor Advisory () https://github.com/Kong/kong/discussions/11741 - Issue Tracking, Vendor Advisory
References () https://github.com/advisories/GHSA-qppj-fm5r-hxr3 - Vendor Advisory () https://github.com/advisories/GHSA-qppj-fm5r-hxr3 - Vendor Advisory
References () https://github.com/advisories/GHSA-vx74-f528-fxqg - Mitigation, Patch, Vendor Advisory () https://github.com/advisories/GHSA-vx74-f528-fxqg - Mitigation, Patch, Vendor Advisory
References () https://github.com/advisories/GHSA-xpw8-rcwv-8f8p - Patch, Vendor Advisory () https://github.com/advisories/GHSA-xpw8-rcwv-8f8p - Patch, Vendor Advisory
References () https://github.com/akka/akka-http/issues/4323 - Issue Tracking, Vendor Advisory () https://github.com/akka/akka-http/issues/4323 - Issue Tracking, Vendor Advisory
References () https://github.com/alibaba/tengine/issues/1872 - Issue Tracking, Vendor Advisory () https://github.com/alibaba/tengine/issues/1872 - Issue Tracking, Vendor Advisory
References () https://github.com/apache/apisix/issues/10320 - Issue Tracking, Vendor Advisory () https://github.com/apache/apisix/issues/10320 - Issue Tracking, Vendor Advisory
References () https://github.com/apache/httpd-site/pull/10 - Issue Tracking, Vendor Advisory () https://github.com/apache/httpd-site/pull/10 - Issue Tracking, Vendor Advisory
References () https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 - Product, Third Party Advisory () https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 - Product, Third Party Advisory
References () https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 - Product, Third Party Advisory () https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 - Product, Third Party Advisory
References () https://github.com/apache/trafficserver/pull/10564 - Patch, Vendor Advisory () https://github.com/apache/trafficserver/pull/10564 - Patch, Vendor Advisory
References () https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 - Vendor Advisory () https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 - Vendor Advisory
References () https://github.com/bcdannyboy/CVE-2023-44487 - Third Party Advisory () https://github.com/bcdannyboy/CVE-2023-44487 - Third Party Advisory
References () https://github.com/caddyserver/caddy/issues/5877 - Issue Tracking, Vendor Advisory () https://github.com/caddyserver/caddy/issues/5877 - Issue Tracking, Vendor Advisory
References () https://github.com/caddyserver/caddy/releases/tag/v2.7.5 - Release Notes, Third Party Advisory () https://github.com/caddyserver/caddy/releases/tag/v2.7.5 - Release Notes, Third Party Advisory
References () https://github.com/dotnet/announcements/issues/277 - Mitigation, Vendor Advisory () https://github.com/dotnet/announcements/issues/277 - Mitigation, Vendor Advisory
References () https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 - Product, Release Notes, Vendor Advisory () https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 - Product, Release Notes, Vendor Advisory
References () https://github.com/eclipse/jetty.project/issues/10679 - Issue Tracking, Vendor Advisory () https://github.com/eclipse/jetty.project/issues/10679 - Issue Tracking, Vendor Advisory
References () https://github.com/envoyproxy/envoy/pull/30055 - Patch, Vendor Advisory () https://github.com/envoyproxy/envoy/pull/30055 - Patch, Vendor Advisory
References () https://github.com/etcd-io/etcd/issues/16740 - Issue Tracking, Patch, Vendor Advisory () https://github.com/etcd-io/etcd/issues/16740 - Issue Tracking, Patch, Vendor Advisory
References () https://github.com/facebook/proxygen/pull/466 - Patch, Vendor Advisory () https://github.com/facebook/proxygen/pull/466 - Patch, Vendor Advisory
References () https://github.com/golang/go/issues/63417 - Issue Tracking, Vendor Advisory () https://github.com/golang/go/issues/63417 - Issue Tracking, Vendor Advisory
References () https://github.com/grpc/grpc-go/pull/6703 - Patch, Vendor Advisory () https://github.com/grpc/grpc-go/pull/6703 - Patch, Vendor Advisory
References () https://github.com/h2o/h2o/pull/3291 - Patch, Third Party Advisory () https://github.com/h2o/h2o/pull/3291 - Patch, Third Party Advisory
References () https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf - Vendor Advisory () https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf - Vendor Advisory
References () https://github.com/haproxy/haproxy/issues/2312 - Issue Tracking, Vendor Advisory () https://github.com/haproxy/haproxy/issues/2312 - Issue Tracking, Vendor Advisory
References () https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 - Product, Vendor Advisory () https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 - Product, Vendor Advisory
References () https://github.com/junkurihara/rust-rpxy/issues/97 - Issue Tracking, Vendor Advisory () https://github.com/junkurihara/rust-rpxy/issues/97 - Issue Tracking, Vendor Advisory
References () https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 - Patch, Third Party Advisory () https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 - Patch, Third Party Advisory
References () https://github.com/kazu-yamamoto/http2/issues/93 - Issue Tracking, Third Party Advisory () https://github.com/kazu-yamamoto/http2/issues/93 - Issue Tracking, Third Party Advisory
References () https://github.com/kubernetes/kubernetes/pull/121120 - Patch, Vendor Advisory () https://github.com/kubernetes/kubernetes/pull/121120 - Patch, Vendor Advisory
References () https://github.com/line/armeria/pull/5232 - Issue Tracking, Patch, Vendor Advisory () https://github.com/line/armeria/pull/5232 - Issue Tracking, Patch, Vendor Advisory
References () https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 - Vendor Advisory () https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 - Vendor Advisory
References () https://github.com/micrictor/http2-rst-stream - Exploit, Third Party Advisory () https://github.com/micrictor/http2-rst-stream - Exploit, Third Party Advisory
References () https://github.com/microsoft/CBL-Mariner/pull/6381 - Patch, Vendor Advisory () https://github.com/microsoft/CBL-Mariner/pull/6381 - Patch, Vendor Advisory
References () https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 - Patch, Vendor Advisory () https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 - Patch, Vendor Advisory
References () https://github.com/nghttp2/nghttp2/pull/1961 - Patch, Vendor Advisory () https://github.com/nghttp2/nghttp2/pull/1961 - Patch, Vendor Advisory
References () https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 - Release Notes, Third Party Advisory () https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 - Release Notes, Third Party Advisory
References () https://github.com/ninenines/cowboy/issues/1615 - Issue Tracking, Vendor Advisory () https://github.com/ninenines/cowboy/issues/1615 - Issue Tracking, Vendor Advisory
References () https://github.com/nodejs/node/pull/50121 - Vendor Advisory () https://github.com/nodejs/node/pull/50121 - Vendor Advisory
References () https://github.com/openresty/openresty/issues/930 - Issue Tracking, Vendor Advisory () https://github.com/openresty/openresty/issues/930 - Issue Tracking, Vendor Advisory
References () https://github.com/opensearch-project/data-prepper/issues/3474 - Issue Tracking, Patch, Vendor Advisory () https://github.com/opensearch-project/data-prepper/issues/3474 - Issue Tracking, Patch, Vendor Advisory
References () https://github.com/oqtane/oqtane.framework/discussions/3367 - Issue Tracking, Vendor Advisory () https://github.com/oqtane/oqtane.framework/discussions/3367 - Issue Tracking, Vendor Advisory
References () https://github.com/projectcontour/contour/pull/5826 - Issue Tracking, Patch, Vendor Advisory () https://github.com/projectcontour/contour/pull/5826 - Issue Tracking, Patch, Vendor Advisory
References () https://github.com/tempesta-tech/tempesta/issues/1986 - Issue Tracking, Vendor Advisory () https://github.com/tempesta-tech/tempesta/issues/1986 - Issue Tracking, Vendor Advisory
References () https://github.com/varnishcache/varnish-cache/issues/3996 - Issue Tracking, Vendor Advisory () https://github.com/varnishcache/varnish-cache/issues/3996 - Issue Tracking, Vendor Advisory
References () https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo - Mailing List, Vendor Advisory () https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo - Mailing List, Vendor Advisory
References () https://istio.io/latest/news/security/istio-security-2023-004/ - Vendor Advisory () https://istio.io/latest/news/security/istio-security-2023-004/ - Vendor Advisory
References () https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ - Vendor Advisory () https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ - Vendor Advisory
References () https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q - Mailing List, Vendor Advisory () https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q - Mailing List, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html - Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html - Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ - Mailing List, Third Party Advisory
References () https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html - Mailing List, Third Party Advisory () https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html - Mailing List, Third Party Advisory
References () https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html - Mailing List, Patch, Third Party Advisory () https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html - Mailing List, Patch, Third Party Advisory
References () https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html - Third Party Advisory () https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html - Third Party Advisory
References () https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ - Patch, Vendor Advisory () https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ - Patch, Vendor Advisory
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 - Mitigation, Patch, Vendor Advisory () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 - Mitigation, Patch, Vendor Advisory
References () https://my.f5.com/manage/s/article/K000137106 - Vendor Advisory () https://my.f5.com/manage/s/article/K000137106 - Vendor Advisory
References () https://netty.io/news/2023/10/10/4-1-100-Final.html - Release Notes, Vendor Advisory () https://netty.io/news/2023/10/10/4-1-100-Final.html - Release Notes, Vendor Advisory
References () https://news.ycombinator.com/item?id=37830987 - Issue Tracking, Third Party Advisory () https://news.ycombinator.com/item?id=37830987 - Issue Tracking, Third Party Advisory
References () https://news.ycombinator.com/item?id=37830998 - Issue Tracking, Press/Media Coverage () https://news.ycombinator.com/item?id=37830998 - Issue Tracking, Press/Media Coverage
References () https://news.ycombinator.com/item?id=37831062 - Issue Tracking, Third Party Advisory () https://news.ycombinator.com/item?id=37831062 - Issue Tracking, Third Party Advisory
References () https://news.ycombinator.com/item?id=37837043 - Issue Tracking () https://news.ycombinator.com/item?id=37837043 - Issue Tracking
References () https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ - Third Party Advisory () https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ - Third Party Advisory
References () https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected - Third Party Advisory () https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected - Third Party Advisory
References () https://security.gentoo.org/glsa/202311-09 - Third Party Advisory () https://security.gentoo.org/glsa/202311-09 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20231016-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20231016-0001/ - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240426-0007/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20240426-0007/ - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240621-0006/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20240621-0006/ - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240621-0007/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20240621-0007/ - Third Party Advisory
References () https://security.paloaltonetworks.com/CVE-2023-44487 - Vendor Advisory () https://security.paloaltonetworks.com/CVE-2023-44487 - Vendor Advisory
References () https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 - Release Notes, Vendor Advisory () https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 - Release Notes, Vendor Advisory
References () https://ubuntu.com/security/CVE-2023-44487 - Vendor Advisory () https://ubuntu.com/security/CVE-2023-44487 - Vendor Advisory
References () https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ - Third Party Advisory () https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ - Third Party Advisory
References () https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 - Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 - Third Party Advisory, US Government Resource
References () https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event - Press/Media Coverage, Third Party Advisory () https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event - Press/Media Coverage, Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5521 - Vendor Advisory () https://www.debian.org/security/2023/dsa-5521 - Vendor Advisory
References () https://www.debian.org/security/2023/dsa-5522 - Vendor Advisory () https://www.debian.org/security/2023/dsa-5522 - Vendor Advisory
References () https://www.debian.org/security/2023/dsa-5540 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5540 - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5549 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5549 - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5558 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5558 - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5570 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5570 - Third Party Advisory
References () https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 - Vendor Advisory () https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 - Vendor Advisory
References () https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ - Vendor Advisory () https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ - Vendor Advisory
References () https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ - Mitigation, Vendor Advisory () https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ - Mitigation, Vendor Advisory
References () https://www.openwall.com/lists/oss-security/2023/10/10/6 - Mailing List, Third Party Advisory () https://www.openwall.com/lists/oss-security/2023/10/10/6 - Mailing List, Third Party Advisory
References () https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack - Press/Media Coverage () https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack - Press/Media Coverage
References () https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ - Press/Media Coverage, Third Party Advisory () https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ - Press/Media Coverage, Third Party Advisory

14 Aug 2024, 19:57

Type Values Removed Values Added
CWE NVD-CWE-noinfo

27 Jun 2024, 18:34

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
First Time Netapp oncommand Insight
References () https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ - Vendor Advisory () https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240426-0007/ - () https://security.netapp.com/advisory/ntap-20240426-0007/ - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240621-0006/ - () https://security.netapp.com/advisory/ntap-20240621-0006/ - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240621-0007/ - () https://security.netapp.com/advisory/ntap-20240621-0007/ - Third Party Advisory

21 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240621-0006/ -
  • () https://security.netapp.com/advisory/ntap-20240621-0007/ -

26 Apr 2024, 09:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240426-0007/ -

20 Dec 2023, 17:55

Type Values Removed Values Added
References () https://www.debian.org/security/2023/dsa-5570 - () https://www.debian.org/security/2023/dsa-5570 - Third Party Advisory
CPE cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*

02 Dec 2023, 01:15

Type Values Removed Values Added
References
  • () https://www.debian.org/security/2023/dsa-5570 -

01 Dec 2023, 14:22

Type Values Removed Values Added
CPE cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*
References (MISC) https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 - Mailing List, Patch (MISC) https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 - Mailing List, Patch, Vendor Advisory
References (MISC) https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event - Press/Media Coverage (MISC) https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event - Press/Media Coverage, Third Party Advisory
References (MISC) https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 - Release Notes (MISC) https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 - Release Notes, Third Party Advisory
References (MISC) https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 - Product (MISC) https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 - Product, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html - Mailing List (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ - Mailing List, Third Party Advisory
References (MISC) https://github.com/kazu-yamamoto/http2/issues/93 - Issue Tracking (MISC) https://github.com/kazu-yamamoto/http2/issues/93 - Issue Tracking, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2023/dsa-5540 - (DEBIAN) https://www.debian.org/security/2023/dsa-5540 - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5558 - () https://www.debian.org/security/2023/dsa-5558 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ - Mailing List, Third Party Advisory
References (MISC) https://github.com/caddyserver/caddy/releases/tag/v2.7.5 - Release Notes (MISC) https://github.com/caddyserver/caddy/releases/tag/v2.7.5 - Release Notes, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2023/dsa-5549 - (DEBIAN) https://www.debian.org/security/2023/dsa-5549 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html - () https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ - Mailing List, Third Party Advisory
References (MISC) https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ - Press/Media Coverage (MISC) https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ - Press/Media Coverage, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ - Mailing List, Third Party Advisory
References (MISC) https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 - Product (MISC) https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 - Product, Third Party Advisory
References (MISC) https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack - Press/Media Coverage (MISC) https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack - Press/Media Coverage, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ - Mailing List, Third Party Advisory
References (MISC) https://github.com/h2o/h2o/pull/3291 - Patch (MISC) https://github.com/h2o/h2o/pull/3291 - Patch, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ - Mailing List, Third Party Advisory
References (MISC) https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 - (MISC) https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ - Mailing List, Third Party Advisory
References (MISC) https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo - Vendor Advisory (MISC) https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo - Mailing List, Vendor Advisory
References (MISC) https://bugzilla.proxmox.com/show_bug.cgi?id=4988 - Issue Tracking (MISC) https://bugzilla.proxmox.com/show_bug.cgi?id=4988 - Issue Tracking, Third Party Advisory
References (MISC) https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html - Mailing List, Patch (MISC) https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html - Mailing List, Patch, Third Party Advisory
References () https://security.gentoo.org/glsa/202311-09 - () https://security.gentoo.org/glsa/202311-09 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ - Mailing List, Third Party Advisory
References (MISC) https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 - Patch (MISC) https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 - Patch, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ - Mailing List, Third Party Advisory
References (MISC) https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html - Mailing List (MISC) https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html - Mailing List, Third Party Advisory

25 Nov 2023, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-10 14:15

Updated : 2024-11-21 08:25


NVD link : CVE-2023-44487

Mitre link : CVE-2023-44487

CVE.ORG link : CVE-2023-44487


JSON object : View

Products Affected

f5

  • big-ip_global_traffic_manager
  • big-ip_advanced_firewall_manager
  • nginx_ingress_controller
  • big-ip_application_visibility_and_reporting
  • big-ip_analytics
  • big-ip_next_service_proxy_for_kubernetes
  • big-ip_fraud_protection_service
  • big-ip_webaccelerator
  • big-ip_ssl_orchestrator
  • big-ip_local_traffic_manager
  • big-ip_access_policy_manager
  • big-ip_application_security_manager
  • nginx
  • big-ip_next
  • big-ip_ddos_hybrid_defender
  • big-ip_carrier-grade_nat
  • big-ip_domain_name_system
  • big-ip_application_acceleration_manager
  • big-ip_link_controller
  • big-ip_policy_enforcement_manager
  • big-ip_websafe
  • nginx_plus
  • big-ip_advanced_web_application_firewall

redhat

  • advanced_cluster_management_for_kubernetes
  • openshift_distributed_tracing
  • openshift_serverless
  • advanced_cluster_security
  • ceph_storage
  • migration_toolkit_for_containers
  • jboss_fuse
  • cert-manager_operator_for_red_hat_openshift
  • 3scale_api_management_platform
  • node_healthcheck_operator
  • integration_camel_k
  • build_of_quarkus
  • openshift
  • openshift_container_platform
  • fence_agents_remediation_operator
  • openshift_data_science
  • openshift_secondary_scheduler_operator
  • jboss_core_services
  • openshift_api_for_data_protection
  • openshift_container_platform_assisted_installer
  • openshift_gitops
  • enterprise_linux
  • node_maintenance_operator
  • cost_management
  • decision_manager
  • ansible_automation_platform
  • network_observability_operator
  • single_sign-on
  • openshift_virtualization
  • logging_subsystem_for_red_hat_openshift
  • migration_toolkit_for_virtualization
  • build_of_optaplanner
  • jboss_enterprise_application_platform
  • certification_for_red_hat_enterprise_linux
  • process_automation
  • openshift_pipelines
  • openshift_developer_tools_and_services
  • self_node_remediation_operator
  • machine_deletion_remediation_operator
  • satellite
  • jboss_data_grid
  • migration_toolkit_for_applications
  • integration_service_registry
  • support_for_spring_boot
  • run_once_duration_override_operator
  • web_terminal
  • openshift_sandboxed_containers
  • openshift_dev_spaces
  • quay
  • jboss_a-mq
  • cryostat
  • service_interconnect
  • openstack_platform
  • jboss_a-mq_streams
  • service_telemetry_framework
  • integration_camel_for_spring_boot
  • openshift_service_mesh

traefik

  • traefik

cisco

  • nexus_93180yc-fx3s
  • nexus_93240yc-fx2
  • nexus_3548-x\/xl
  • nexus_3132q
  • nexus_9396px_switch
  • nexus_9336c-fx2-e
  • unified_contact_center_domain_manager
  • nexus_9500_8-slot
  • nexus_3464c
  • nexus_93120tx_switch
  • nexus_34200yc-sm
  • nexus_93180yc-fx3h
  • nexus_92300yc
  • nexus_3548-x
  • nexus_9364c-gx
  • nexus_93108tc-fx-24
  • nexus_34180yc
  • nexus_9804
  • nexus_93180lc-ex_switch
  • nexus_3064t
  • nexus_9200
  • nexus_3548
  • unified_contact_center_enterprise
  • fog_director
  • nexus_92348gc-x
  • ultra_cloud_core_-_policy_control_function
  • data_center_network_manager
  • nexus_93180yc-fx3
  • nexus_3172tq
  • ultra_cloud_core_-_serving_gateway_function
  • nexus_93180yc-ex_switch
  • nexus_9500_supervisor_a\+
  • nexus_9372tx-e_switch
  • ultra_cloud_core_-_session_management_function
  • nexus_3200
  • nexus_9272q
  • nexus_3264c-e
  • nexus_3064
  • nexus_9232e
  • nexus_3064-x
  • telepresence_video_communication_server
  • nexus_93180yc-ex-24
  • nexus_93108tc-ex-24
  • nexus_3500
  • nexus_93180tc-ex
  • nexus_9372px_switch
  • nexus_3548-xl
  • nexus_31108tc-v
  • nexus_9221c
  • crosswork_zero_touch_provisioning
  • nexus_93128tx_switch
  • nexus_3064x
  • nexus_9504
  • nexus_9236c
  • nexus_93108tc-ex
  • prime_access_registrar
  • nexus_9336pq_aci
  • nexus_3016q
  • nexus_3164q
  • nexus_3100-v
  • nx-os
  • nexus_3524
  • nexus_9808
  • expressway
  • nexus_3524-x\/xl
  • nexus_31128pq
  • nexus_9372px-e
  • nexus_3064-32t
  • nexus_31108pv-v
  • nexus_3264q
  • nexus_3132q-x\/3132q-xl
  • nexus_3432d-s
  • nexus_9336c-fx2
  • nexus_9336pq
  • nexus_3100-z
  • nexus_9364c
  • secure_web_appliance_firmware
  • nexus_3172pq-xl
  • secure_web_appliance
  • nexus_9332d-h2r
  • nexus_93180yc-fx
  • nexus_9332pq
  • ios_xe
  • nexus_93360yc-fx2
  • nexus_93128tx
  • nexus_93108tc-fx3h
  • nexus_3636c-r
  • nexus_9332d-gx2b
  • nexus_9536pq
  • nexus_9300
  • nexus_93108tc-ex_switch
  • nexus_3100v
  • nexus_93240tc-fx2
  • nexus_9716d-gx
  • nexus_3064-t
  • nexus_9396px
  • nexus_9500_supervisor_b
  • nexus_9372tx_switch
  • secure_malware_analytics
  • nexus_9372tx-e
  • prime_network_registrar
  • secure_dynamic_attributes_connector
  • nexus_9508
  • nexus_9736pq
  • nexus_9504_switch
  • nexus_9272q_switch
  • nexus_93108tc-fx3p
  • nexus_31108pc-v
  • nexus_9372px-e_switch
  • unified_contact_center_enterprise_-_live_data_server
  • nexus_3132q-xl
  • nexus_3232c
  • nexus_9200yc
  • nexus_9348gc-fxp
  • nexus_3172pq\/pq-xl
  • nexus_9500_supervisor_b\+
  • nexus_92160yc_switch
  • nexus_9800
  • nexus_9500_16-slot
  • nexus_9372tx
  • nexus_3600
  • iot_field_network_director
  • nexus_93180yc-fx-24
  • nexus_3132c-z
  • nexus_3232c_
  • nexus_9500_4-slot
  • nexus_3132q-v
  • nexus_9432pq
  • nexus_3132q-x
  • nexus_93180yc-ex
  • nexus_9348gc-fx3
  • nexus_3172
  • nexus_3172pq
  • nexus_3524-xl
  • nexus_9336pq_aci_spine_switch
  • nexus_9408
  • nexus_9000v
  • nexus_3172tq-32t
  • nexus_9336pq_aci_spine
  • nexus_9316d-gx
  • nexus_93108tc-fx
  • connected_mobile_experiences
  • nexus_3408-s
  • nexus_3100
  • nexus_9500r
  • nexus_9348d-gx2a
  • unified_attendant_console_advanced
  • nexus_3524-x
  • nexus_92304qc
  • prime_cable_provisioning
  • nexus_9332c
  • nexus_9508_switch
  • nexus_9372px
  • nexus_3016
  • nexus_92160yc-x
  • nexus_3048
  • nexus_3232
  • nexus_92300yc_switch
  • nexus_9396tx_switch
  • nexus_93120tx
  • prime_infrastructure
  • nexus_93180lc-ex
  • nexus_93128
  • nexus_9500_supervisor_a
  • firepower_threat_defense
  • crosswork_data_gateway
  • unified_contact_center_management_portal
  • nexus_93600cd-gx
  • nexus_9500
  • nexus_3400
  • nexus_92304qc_switch
  • nexus_9516_switch
  • ios_xr
  • enterprise_chat_and_email
  • nexus_36180yc-r
  • nexus_9396tx
  • nexus_3172tq-xl
  • nexus_9636pq
  • nexus_93216tc-fx2
  • nexus_9364d-gx2a
  • nexus_9236c_switch
  • nexus_9332pq_switch
  • nexus_9516

microsoft

  • windows_11_22h2
  • azure_kubernetes_service
  • windows_10_22h2
  • windows_10_1607
  • windows_server_2016
  • windows_server_2022
  • windows_10_21h2
  • visual_studio_2022
  • .net
  • asp.net_core
  • windows_11_21h2
  • windows_10_1809
  • windows_server_2019
  • cbl-mariner

netty

  • netty

caddyserver

  • caddy

golang

  • go
  • networking
  • http2

netapp

  • oncommand_insight
  • astra_control_center

apple

  • swiftnio_http\/2

openresty

  • openresty

projectcontour

  • contour

facebook

  • proxygen

amazon

  • opensearch_data_prepper

apache

  • apisix
  • traffic_server
  • solr
  • tomcat

nodejs

  • node.js

istio

  • istio

konghq

  • kong_gateway

linkerd

  • linkerd

debian

  • debian_linux

varnish_cache_project

  • varnish_cache

dena

  • h2o

jenkins

  • jenkins

eclipse

  • jetty

kazu-yamamoto

  • http2

nghttp2

  • nghttp2

envoyproxy

  • envoy

fedoraproject

  • fedora

akka

  • http_server

ietf

  • http

linecorp

  • armeria

grpc

  • grpc
CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption