VDB
AZL-42750
AZL-42750
PUBLISHED
CVSS 7.5 HIGH
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Azure Linux:3 | ig | 0 |
Exploit Intelligence
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
- Educational environment for LTAT.04.022 Homework 4. (github-poc-repo)
- Educational environment for LTAT.04.022 Homework 4. (github-poc)
- TYuan0816/cve-2023-44487 (github-poc-repo)
- sn130hk/CVE-2023-44487 (github-poc-repo)
- RapidResetClient (github-poc-repo)
- POC for CVE-2023-44487 (github-poc-repo)
- Demo for detection and mitigation of HTTP/2 Rapid Reset vulnerability (CVE-2023-44487) (github-poc-repo)
- A comprehensive Python testing tool for CVE-2023-44487, the HTTP/2 Rapid Reset vulnerability. This enhanced version provides granular control over testing parameters, multiple attack patterns, and advanced monitoring capabilities. (github-poc-repo)
…and 62 more exploits
Timeline
- Oct 10, 2023 CVE Published
- Apr 21, 2026 CVE Updated