VDB

DEBIAN-CVE-2023-44487

DEBIAN-CVE-2023-44487 PUBLISHED CVSS 7.5 HIGH

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:11haproxy0, 0, 0
Debian:14jetty90, 0, 0
Debian:11varnish7.6.0-1, 7.5.0-3, 6.5.2-1
Debian:13nginx0, 0, 0
Debian:14netty0, 0, 0
Debian:11tomcat9*, 9.0.43-2~deb11u1, 9.0.43-1
Debian:13tomcat100, 0, 0
Debian:13tomcat90, 0, 0
Debian:11netty0, *, 1:4.1.48-4+deb11u1
Debian:12tomcat90, 0, 0
Debian:11h2o2.2.5+dfsg2-6, 2.2.5+dfsg2-11, 2.2.5+dfsg2-10
Debian:13netty0, 0, 0
Debian:13grpc1.59.5-1, 1.59.5-1, 1.51.1-9
Debian:14nginx0, 0, 0
Debian:12nginx1.28.0-3, 1.28.0-4, 1.28.0-5
Debian:14tomcat90, 0, 0
Debian:14tomcat100, 0, 0
Debian:13varnish0, 0, 0
Debian:11dnsdist1.8.3-3, 1.8.2-1, 1.7.2-2
Debian:11grpc1.30.2-4, 1.30.2-4, 1.30.2-4

…and 23 more

Timeline

  • Oct 10, 2023 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›