CVE-2023-44487

EUVD-2023-2795
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
ietfhttp
2.0
nghttp2nghttp2
𝑥
< 1.57.0
nettynetty
𝑥
< 4.1.100
envoyproxyenvoy
1.24.10
envoyproxyenvoy
1.25.9
envoyproxyenvoy
1.26.4
envoyproxyenvoy
1.27.0
eclipsejetty
𝑥
< 9.4.53
eclipsejetty
10.0.0 ≤
𝑥
< 10.0.17
eclipsejetty
11.0.0 ≤
𝑥
< 11.0.17
eclipsejetty
12.0.0 ≤
𝑥
< 12.0.2
caddyservercaddy
𝑥
< 2.7.5
golanggo
𝑥
< 1.20.10
golanggo
1.21.0 ≤
𝑥
< 1.21.3
golanghttp2
𝑥
< 0.17.0
golangnetworking
𝑥
< 0.17.0
f5big-ip_access_policy_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_access_policy_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_access_policy_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_access_policy_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_access_policy_manager
17.1.0
f5big-ip_advanced_firewall_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_advanced_firewall_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_advanced_firewall_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_advanced_firewall_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_advanced_firewall_manager
17.1.0
f5big-ip_advanced_web_application_firewall
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_advanced_web_application_firewall
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_advanced_web_application_firewall
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_advanced_web_application_firewall
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_advanced_web_application_firewall
17.1.0
f5big-ip_analytics
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_analytics
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_analytics
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_analytics
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_analytics
17.1.0
f5big-ip_application_acceleration_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_application_acceleration_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_application_acceleration_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_application_acceleration_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_application_acceleration_manager
17.1.0
f5big-ip_application_security_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_application_security_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_application_security_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_application_security_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_application_security_manager
17.1.0
f5big-ip_application_visibility_and_reporting
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_application_visibility_and_reporting
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_application_visibility_and_reporting
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_application_visibility_and_reporting
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_application_visibility_and_reporting
17.1.0
f5big-ip_carrier-grade_nat
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_carrier-grade_nat
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_carrier-grade_nat
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_carrier-grade_nat
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_carrier-grade_nat
17.1.0
f5big-ip_ddos_hybrid_defender
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_ddos_hybrid_defender
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_ddos_hybrid_defender
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_ddos_hybrid_defender
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_ddos_hybrid_defender
17.1.0
f5big-ip_domain_name_system
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_domain_name_system
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_domain_name_system
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_domain_name_system
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_domain_name_system
17.1.0
f5big-ip_fraud_protection_service
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_fraud_protection_service
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_fraud_protection_service
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_fraud_protection_service
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_fraud_protection_service
17.1.0
f5big-ip_global_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_global_traffic_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_global_traffic_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_global_traffic_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_global_traffic_manager
17.1.0
f5big-ip_link_controller
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_link_controller
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_link_controller
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_link_controller
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_link_controller
17.1.0
f5big-ip_local_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_local_traffic_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_local_traffic_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_local_traffic_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_local_traffic_manager
17.1.0
f5big-ip_next
20.0.1
f5big-ip_next_service_proxy_for_kubernetes
1.5.0 ≤
𝑥
≤ 1.8.2
f5big-ip_policy_enforcement_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_policy_enforcement_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_policy_enforcement_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_policy_enforcement_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_policy_enforcement_manager
17.1.0
f5big-ip_ssl_orchestrator
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_ssl_orchestrator
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_ssl_orchestrator
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_ssl_orchestrator
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_ssl_orchestrator
17.1.0
f5big-ip_webaccelerator
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_webaccelerator
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_webaccelerator
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_webaccelerator
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_webaccelerator
17.1.0
f5big-ip_websafe
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_websafe
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_websafe
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_websafe
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_websafe
17.1.0
f5nginx
1.9.5 ≤
𝑥
≤ 1.25.2
f5nginx_ingress_controller
2.0.0 ≤
𝑥
≤ 2.4.2
f5nginx_ingress_controller
3.0.0 ≤
𝑥
≤ 3.3.0
f5nginx_plus
r25 ≤
𝑥
< r29
apachetomcat
8.5.0 ≤
𝑥
≤ 8.5.93
apachetomcat
9.0.0 ≤
𝑥
≤ 9.0.80
apachetomcat
10.1.0 ≤
𝑥
≤ 10.1.13
apachetomcat
11.0.0:milestone1
apachetomcat
11.0.0:milestone10
apachetomcat
11.0.0:milestone11
apachetomcat
11.0.0:milestone2
apachetomcat
11.0.0:milestone3
apachetomcat
11.0.0:milestone4
apachetomcat
11.0.0:milestone5
apachetomcat
11.0.0:milestone6
apachetomcat
11.0.0:milestone7
apachetomcat
11.0.0:milestone8
apachetomcat
11.0.0:milestone9
appleswiftnio_http\/2
𝑥
< 1.28.0
grpcgrpc
𝑥
< 1.56.3
grpcgrpc
𝑥
≤ 1.59.2
grpcgrpc
1.58.0 ≤
𝑥
< 1.58.3
grpcgrpc
1.57.0
microsoft.net
6.0.0 ≤
𝑥
< 6.0.23
microsoft.net
7.0.0 ≤
𝑥
< 7.0.12
microsoftasp.net_core
6.0.0 ≤
𝑥
< 6.0.23
microsoftasp.net_core
7.0.0 ≤
𝑥
< 7.0.12
microsoftazure_kubernetes_service
𝑥
< 2023-10-08
microsoftvisual_studio_2022
17.0 ≤
𝑥
< 17.2.20
microsoftvisual_studio_2022
17.4 ≤
𝑥
< 17.4.12
microsoftvisual_studio_2022
17.6 ≤
𝑥
< 17.6.8
microsoftvisual_studio_2022
17.7 ≤
𝑥
< 17.7.5
microsoftwindows_10_1607
𝑥
< 10.0.14393.6351
microsoftwindows_10_1607
𝑥
< 10.0.14393.6351
microsoftwindows_10_1809
𝑥
< 10.0.17763.4974
microsoftwindows_10_21h2
𝑥
< 10.0.19044.3570
microsoftwindows_10_22h2
𝑥
< 10.0.19045.3570
microsoftwindows_11_21h2
𝑥
< 10.0.22000.2538
microsoftwindows_11_22h2
𝑥
< 10.0.22621.2428
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
microsoftwindows_server_2022
-
nodejsnode.js
18.0.0 ≤
𝑥
< 18.18.2
nodejsnode.js
20.0.0 ≤
𝑥
< 20.8.1
microsoftcbl-mariner
𝑥
< 2023-10-11
denah2o
𝑥
< 2023-10-10
facebookproxygen
𝑥
< 2023.10.16.00
apacheapisix
𝑥
< 3.6.1
apachetraffic_server
8.0.0 ≤
𝑥
< 8.1.9
apachetraffic_server
9.0.0 ≤
𝑥
< 9.2.3
amazonopensearch_data_prepper
𝑥
< 2.5.0
debiandebian_linux
10.0
debiandebian_linux
11.0
debiandebian_linux
12.0
kazu-yamamotohttp2
𝑥
< 4.2.2
istioistio
𝑥
< 1.17.6
istioistio
1.18.0 ≤
𝑥
< 1.18.3
istioistio
1.19.0 ≤
𝑥
< 1.19.1
varnish_cache_projectvarnish_cache
𝑥
< 2023-10-10
traefiktraefik
𝑥
< 2.10.5
traefiktraefik
3.0.0:beta1
traefiktraefik
3.0.0:beta2
traefiktraefik
3.0.0:beta3
projectcontourcontour
𝑥
< 2023-10-11
linkerdlinkerd
2.12.0 ≤
𝑥
≤ 2.12.5
linkerdlinkerd
2.13.0
linkerdlinkerd
2.13.1
linkerdlinkerd
2.14.0
linkerdlinkerd
2.14.1
linecorparmeria
𝑥
< 1.26.0
redhat3scale_api_management_platform
2.0
redhatadvanced_cluster_management_for_kubernetes
2.0
redhatadvanced_cluster_security
3.0
redhatadvanced_cluster_security
4.0
redhatansible_automation_platform
2.0
redhatbuild_of_optaplanner
8.0
redhatbuild_of_quarkus
-
redhatceph_storage
5.0
redhatcert-manager_operator_for_red_hat_openshift
-
redhatcertification_for_red_hat_enterprise_linux
8.0
redhatcertification_for_red_hat_enterprise_linux
9.0
redhatcost_management
-
redhatcryostat
2.0
redhatdecision_manager
7.0
redhatfence_agents_remediation_operator
-
redhatintegration_camel_for_spring_boot
-
redhatintegration_camel_k
-
redhatintegration_service_registry
-
redhatjboss_a-mq_streams
-
redhatjboss_core_services
-
redhatjboss_data_grid
7.0.0
redhatjboss_enterprise_application_platform
6.0.0
redhatjboss_enterprise_application_platform
7.0.0
redhatjboss_fuse
6.0.0
redhatjboss_fuse
7.0.0
redhatlogging_subsystem_for_red_hat_openshift
-
redhatmachine_deletion_remediation_operator
-
redhatmigration_toolkit_for_applications
6.0
redhatmigration_toolkit_for_containers
-
redhatmigration_toolkit_for_virtualization
-
redhatnetwork_observability_operator
-
redhatnode_healthcheck_operator
-
redhatnode_maintenance_operator
-
redhatopenshift
-
redhatopenshift_api_for_data_protection
-
redhatopenshift_container_platform
4.0
redhatopenshift_container_platform_assisted_installer
-
redhatopenshift_data_science
-
redhatopenshift_dev_spaces
-
redhatopenshift_developer_tools_and_services
-
redhatopenshift_distributed_tracing
-
redhatopenshift_gitops
-
redhatopenshift_pipelines
-
redhatopenshift_sandboxed_containers
-
redhatopenshift_secondary_scheduler_operator
-
redhatopenshift_serverless
-
redhatopenshift_service_mesh
2.0
redhatopenstack_platform
16.1
redhatopenstack_platform
16.2
redhatopenstack_platform
17.1
redhatprocess_automation
7.0
redhatquay
3.0.0
redhatrun_once_duration_override_operator
-
redhatsatellite
6.0
redhatself_node_remediation_operator
-
redhatservice_interconnect
1.0
redhatsingle_sign-on
7.0
redhatsupport_for_spring_boot
-
redhatweb_terminal
-
redhatenterprise_linux
6.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatservice_telemetry_framework
1.5
netappastra_control_center
-
netapponcommand_insight
-
akkahttp_server
𝑥
< 10.5.3
konghqkong_gateway
𝑥
< 3.4.2
jenkinsjenkins
𝑥
≤ 2.414.2
jenkinsjenkins
𝑥
≤ 2.427
apachesolr
𝑥
< 9.4.0
openrestyopenresty
𝑥
< 1.21.4.3
ciscobusiness_process_automation
𝑥
< 3.2.003.009
ciscoconnected_mobile_experiences
𝑥
< 11.1
ciscocrosswork_data_gateway
𝑥
< 4.1.3
ciscocrosswork_data_gateway
5.0.0 ≤
𝑥
< 5.0.2
ciscocrosswork_situation_manager
-
ciscocrosswork_zero_touch_provisioning
𝑥
< 6.0.0
ciscodata_center_network_manager
-
ciscoenterprise_chat_and_email
-
ciscofirepower_threat_defense
𝑥
< 7.4.2
ciscoiot_field_network_director
𝑥
< 4.11.0
ciscoprime_access_registrar
𝑥
< 9.3.3
ciscoprime_cable_provisioning
𝑥
< 7.2.1
ciscoprime_infrastructure
𝑥
< 3.10.4
ciscoprime_network_registrar
𝑥
< 11.2
ciscosecure_dynamic_attributes_connector
𝑥
< 2.2.0
ciscosecure_malware_analytics
𝑥
< 2.19.2
ciscoultra_cloud_core_-_policy_control_function
𝑥
< 2024.01.0
ciscoultra_cloud_core_-_policy_control_function
2024.01.0
ciscoultra_cloud_core_-_serving_gateway_function
𝑥
< 2024.02.0
ciscoultra_cloud_core_-_session_management_function
𝑥
< 2024.02.0
ciscounified_attendant_console_advanced
-
ciscounified_contact_center_domain_manager
-
ciscounified_contact_center_enterprise
-
ciscounified_contact_center_enterprise_-_live_data_server
𝑥
< 12.6.2
ciscounified_contact_center_management_portal
-
ciscofog_director
𝑥
< 1.22
ciscoios_xe
𝑥
< 17.15.1
ciscoios_xr
𝑥
< 7.11.2
ciscosecure_web_appliance_firmware
𝑥
< 15.1.0
cisconx-os
𝑥
< 10.2\(7\)
cisconx-os
10.3\(1\) ≤
𝑥
< 10.3\(5\)
cisconx-os
10.4\(1\) ≤
𝑥
< 10.4\(2\)
cisconx-os
𝑥
< 10.2\(7\)
cisconx-os
10.3\(1\) ≤
𝑥
< 10.3\(5\)
cisconx-os
10.4\(1\) ≤
𝑥
< 10.4\(2\)
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1607 (x64, x86)
KB5031362
1809 (arm64, x64, x86)
KB5031361
21H2 (arm64, x64, x86)
KB5031356
22H2 (arm64, x64, x86)
KB5031356
Windows 11
21H2 (arm64, x64)
KB5031358
22H2 (arm64, x64)
KB5031354
Windows Server 2016
Server Core
KB5031362
Standard
KB5031362
Windows Server 2019
Server Core
KB5031361
Standard
KB5031361
Windows Server 2022
Server Core
KB5031364
Standard
KB5031364
Debian logo
Debian Releases
Debian Product
Codename
dnsdist
bookworm
ignored
bullseye
ignored
buster
not-affected
sid
1.9.8-1
fixed
trixie
1.9.8-1
fixed
grpc
bookworm
ignored
bullseye
ignored
buster
not-affected
sid
vulnerable
trixie
vulnerable
h2o
bookworm
ignored
bullseye
ignored
buster
not-affected
sid
2.2.5+dfsg2-11
fixed
trixie
2.2.5+dfsg2-9
fixed
haproxy
bookworm
2.6.12-1+deb12u1
ignored
bookworm (security)
2.6.12-1+deb12u1
fixed
bullseye
2.2.9-2+deb11u6
ignored
bullseye (security)
2.2.9-2+deb11u6
fixed
buster
not-affected
sid
3.0.7-1
fixed
trixie
3.0.7-1
fixed
jetty9
bookworm
9.4.50-4+deb12u3
ignored
bookworm (security)
9.4.50-4+deb12u3
fixed
bullseye
9.4.50-4+deb11u2
ignored
bullseye (security)
9.4.50-4+deb11u2
fixed
buster
not-affected
sid
9.4.56-1
fixed
trixie
9.4.56-1
fixed
netty
bookworm
1:4.1.48-7+deb12u1
ignored
bookworm (security)
1:4.1.48-7+deb12u1
fixed
bullseye
1:4.1.48-4+deb11u2
ignored
bullseye (security)
1:4.1.48-4+deb11u2
fixed
buster
not-affected
sid
1:4.1.48-10
fixed
trixie
1:4.1.48-10
fixed
nghttp2
bookworm
1.52.0-1+deb12u2
ignored
bookworm (security)
1.52.0-1+deb12u1
fixed
bullseye
1.43.0-1+deb11u1
ignored
bullseye (security)
1.43.0-1+deb11u2
fixed
buster
not-affected
sid
1.64.0-1
fixed
trixie
1.64.0-1
fixed
nginx
bookworm
ignored
bullseye
ignored
bullseye (security)
unimportant
buster
not-affected
sid
1.26.0-3
fixed
trixie
1.26.0-3
fixed
tomcat10
bookworm
10.1.6-1+deb12u2
ignored
bookworm (security)
10.1.6-1+deb12u2
fixed
bullseye
ignored
buster
not-affected
sid
10.1.34-1
fixed
trixie
10.1.34-1
fixed
tomcat9
bookworm
9.0.70-2
ignored
bullseye
9.0.43-2~deb11u10
ignored
bullseye (security)
9.0.43-2~deb11u10
fixed
buster
not-affected
sid
9.0.95-1
fixed
trixie
9.0.95-1
fixed
trafficserver
bookworm
9.2.5+ds-0+deb12u1
ignored
bookworm (security)
9.2.5+ds-0+deb12u1
fixed
bullseye
8.1.10+ds-1~deb11u1
ignored
bullseye (security)
8.1.11+ds-0+deb11u1
fixed
buster
not-affected
sid
9.2.5+ds-1
fixed
varnish
bookworm
ignored
bullseye
ignored
bullseye (security)
vulnerable
buster
not-affected
sid
7.6.1-2
fixed
trixie
7.6.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dotnet6
bionic
dne
focal
dne
jammy
Fixed 6.0.123-0ubuntu1~22.04.1
released
lunar
Fixed 6.0.123-0ubuntu1~23.04.1
released
mantic
Fixed 6.0.123-0ubuntu1
released
noble
dne
oracular
dne
trusty
dne
xenial
dne
dotnet7
bionic
dne
focal
dne
jammy
Fixed 7.0.112-0ubuntu1~22.04.1
released
lunar
Fixed 7.0.112-0ubuntu1~23.04.1
released
mantic
Fixed 7.0.112-0ubuntu1
released
noble
dne
oracular
dne
trusty
dne
xenial
dne
dotnet8
bionic
dne
focal
dne
jammy
not-affected
lunar
dne
mantic
Fixed 8.0.100-8.0.0~rc2-0ubuntu1
released
noble
Fixed 8.0.100-8.0.0-0ubuntu1
released
oracular
Fixed 8.0.100-8.0.0-0ubuntu1
released
trusty
dne
xenial
dne
h2o
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
ignored
mantic
ignored
noble
not-affected
oracular
needs-triage
trusty
dne
xenial
dne
haproxy
bionic
Fixed 1.8.8-1ubuntu0.13+esm3
released
focal
not-affected
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
ignored
xenial
not-affected
netty
bionic
not-affected
focal
Fixed 1:4.1.45-1ubuntu0.2
released
jammy
Fixed 1:4.1.48-4+deb11u2build0.22.04.1
released
kinetic
ignored
lunar
ignored
mantic
ignored
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
not-affected
nghttp2
bionic
Fixed 1.30.0-1ubuntu1+esm2
released
focal
Fixed 1.40.0-1ubuntu0.2
released
jammy
Fixed 1.43.0-1ubuntu0.1
released
lunar
Fixed 1.52.0-1ubuntu0.1
released
mantic
Fixed 1.55.1-1ubuntu0.1
released
noble
not-affected
oracular
not-affected
trusty
ignored
xenial
Fixed 1.7.1-1ubuntu0.1~esm2
released
nginx
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
not-affected
nodejs
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
needs-triage
tomcat10
bionic
ignored
focal
dne
jammy
dne
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
not-affected
trusty
ignored
xenial
ignored
tomcat8
bionic
needs-triage
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
needs-triage
tomcat9
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
ignored
trafficserver
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/10/10/6
http://www.openwall.com/lists/oss-security/2023/10/10/7
http://www.openwall.com/lists/oss-security/2023/10/13/4
http://www.openwall.com/lists/oss-security/2023/10/13/9
http://www.openwall.com/lists/oss-security/2023/10/18/4
http://www.openwall.com/lists/oss-security/2023/10/18/8
http://www.openwall.com/lists/oss-security/2023/10/19/6
http://www.openwall.com/lists/oss-security/2023/10/20/8
https://access.redhat.com/security/cve/cve-2023-44487
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
https://blog.vespa.ai/cve-2023-44487/
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://github.com/akka/akka-http/issues/4323
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/apisix/issues/10320
https://github.com/apache/httpd-site/pull/10
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
https://github.com/apache/trafficserver/pull/10564
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/caddyserver/caddy/issues/5877
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
https://github.com/dotnet/announcements/issues/277
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
https://github.com/eclipse/jetty.project/issues/10679
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/etcd-io/etcd/issues/16740
https://github.com/facebook/proxygen/pull/466
https://github.com/golang/go/issues/63417
https://github.com/grpc/grpc-go/pull/6703
https://github.com/grpc/grpc/releases/tag/v1.59.2
https://github.com/h2o/h2o/pull/3291
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
https://github.com/haproxy/haproxy/issues/2312
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
https://github.com/junkurihara/rust-rpxy/issues/97
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
https://github.com/kazu-yamamoto/http2/issues/93
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/line/armeria/pull/5232
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
https://github.com/micrictor/http2-rst-stream
https://github.com/microsoft/CBL-Mariner/pull/6381
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://github.com/ninenines/cowboy/issues/1615
https://github.com/nodejs/node/pull/50121
https://github.com/openresty/openresty/issues/930
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/oqtane/oqtane.framework/discussions/3367
https://github.com/projectcontour/contour/pull/5826
https://github.com/tempesta-tech/tempesta/issues/1986
https://github.com/varnishcache/varnish-cache/issues/3996
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
https://istio.io/latest/news/security/istio-security-2023-004/
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
https://my.f5.com/manage/s/article/K000137106
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://news.ycombinator.com/item?id=37831062
https://news.ycombinator.com/item?id=37837043
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20231016-0001/
https://security.netapp.com/advisory/ntap-20240426-0007/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20240621-0007/
https://security.paloaltonetworks.com/CVE-2023-44487
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
https://ubuntu.com/security/CVE-2023-44487
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
https://www.debian.org/security/2023/dsa-5521
https://www.debian.org/security/2023/dsa-5522
https://www.debian.org/security/2023/dsa-5540
https://www.debian.org/security/2023/dsa-5549
https://www.debian.org/security/2023/dsa-5558
https://www.debian.org/security/2023/dsa-5570
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
https://www.openwall.com/lists/oss-security/2023/10/10/6
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
http://www.openwall.com/lists/oss-security/2023/10/13/4
http://www.openwall.com/lists/oss-security/2023/10/13/9
http://www.openwall.com/lists/oss-security/2023/10/18/4
http://www.openwall.com/lists/oss-security/2023/10/18/8
http://www.openwall.com/lists/oss-security/2023/10/19/6
http://www.openwall.com/lists/oss-security/2023/10/20/8
http://www.openwall.com/lists/oss-security/2025/08/13/6
https://access.redhat.com/security/cve/cve-2023-44487
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
https://blog.vespa.ai/cve-2023-44487/
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://github.com/akka/akka-http/issues/4323
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/apisix/issues/10320
https://github.com/apache/httpd-site/pull/10
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
https://github.com/apache/trafficserver/pull/10564
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/caddyserver/caddy/issues/5877
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
https://github.com/dotnet/announcements/issues/277
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
https://github.com/eclipse/jetty.project/issues/10679
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/etcd-io/etcd/issues/16740
https://github.com/facebook/proxygen/pull/466
https://github.com/golang/go/issues/63417
https://github.com/grpc/grpc-go/pull/6703
https://github.com/h2o/h2o/pull/3291
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
https://github.com/haproxy/haproxy/issues/2312
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
https://github.com/junkurihara/rust-rpxy/issues/97
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
https://github.com/kazu-yamamoto/http2/issues/93
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/line/armeria/pull/5232
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
https://github.com/micrictor/http2-rst-stream
https://github.com/microsoft/CBL-Mariner/pull/6381
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://github.com/ninenines/cowboy/issues/1615
https://github.com/nodejs/node/pull/50121
https://github.com/openresty/openresty/issues/930
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/oqtane/oqtane.framework/discussions/3367
https://github.com/projectcontour/contour/pull/5826
https://github.com/tempesta-tech/tempesta/issues/1986
https://github.com/varnishcache/varnish-cache/issues/3996
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
https://istio.io/latest/news/security/istio-security-2023-004/
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
https://my.f5.com/manage/s/article/K000137106
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://news.ycombinator.com/item?id=37831062
https://news.ycombinator.com/item?id=37837043
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20231016-0001/
https://security.netapp.com/advisory/ntap-20240426-0007/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20240621-0007/
https://security.paloaltonetworks.com/CVE-2023-44487
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
https://ubuntu.com/security/CVE-2023-44487
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
https://www.debian.org/security/2023/dsa-5521
https://www.debian.org/security/2023/dsa-5522
https://www.debian.org/security/2023/dsa-5540
https://www.debian.org/security/2023/dsa-5549
https://www.debian.org/security/2023/dsa-5558
https://www.debian.org/security/2023/dsa-5570
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
https://www.openwall.com/lists/oss-security/2023/10/10/6
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487